Fireside (https://fireside.fm) via web01.fireside.fmTechSNAPhttps://techsnap.systems
Thu, 14 Feb 2019 21:00:00 -0800Systems, Network, and Administration Podcast. Every week TechSNAP covers the stories that impact those of us in the tech industry, and all of us that follow it. Every episode we dedicate a portion of the show to answer audience questions, discuss best practices, and solving your problems.
en-usepisodicWeekly Systems, Network, and Administration Podcast. Jupiter BroadcastingSystems, Network, and Administration Podcast. Every week TechSNAP covers the stories that impact those of us in the tech industry, and all of us that follow it. Every episode we dedicate a portion of the show to answer audience questions, discuss best practices, and solving your problems.
noJupiter Broadcastingchris@jupiterbroadcasting.com397: Quality Toolshttps://techsnap.systems/397
a6b87767-ad4e-429f-b82a-703023411eb6Thu, 14 Feb 2019 21:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingJoin Jim and Wes as they battle bufferbloat, latency spikes, and network hogs with some of their favorite tools for traffic shaping, firewalling, and QoS.40:39noJoin Jim and Wes as they battle bufferbloat, latency spikes, and network hogs with some of their favorite tools for traffic shaping, firewalling, and QoS.
Plus the importance of sane defaults and why netdata belongs on every system.
bitorrent,latency,qos,bandwidth,networking,command line,wondershaper,tc,traffic control,queing discipline,network discipline ,FireHOL,FireQOS,netdata,qdisc,queues,traffic shaping,sane defaults,rate limit,tcp,udp,iptables,firewall,routing,home networking,netdata,monitoring,networking engineering,mpls,vpn,wireguard,openvpn,gre,bufferbloat,munin,nagios,collectd,prometheus,
Join Jim and Wes as they battle bufferbloat, latency spikes, and network hogs with some of their favorite tools for traffic shaping, firewalling, and QoS.

Plus the importance of sane defaults and why netdata belongs on every system.

Links:

Why you want QoS - Netdata Documentation — One of the features the Linux kernel has, but it is rarely used, is its ability to apply QoS on traffic. Even most interesting is that it can apply QoS to both inbound and outbound traffic.

FireQOS Wiki — FireQOS is a helper to assist you configure traffic shaping on Linux.

tc(8) man page — Traffic Control consists of the following:
SHAPING
When traffic is shaped, its rate of transmission is under control. Shaping may be more than lowering the available bandwidth - it is also used to smooth out bursts in traffic for better network behaviour. Shaping occurs on egress.
SCHEDULING
By scheduling the transmission of packets it is possible to improve interactivity for traffic that needs it while still guaranteeing bandwidth to bulk transfers. Reordering is also called prioritizing, and happens only on egress.
POLICING
Where shaping deals with transmission of traffic, policing pertains to traffic arriving. Policing thus occurs on ingress.
DROPPING
Traffic exceeding a set bandwidth may also be dropped forthwith, both on ingress and on egress.

Overview of Traffic Control Concepts — Traffic control is the name given to the sets of queuing systems and mechanisms by which packets are received and transmitted on a router. This includes deciding which (and whether) packets to accept at what rate on the input of an interface and determining which packets to transmit in what order at what rate on the output of an interface.

]]>
Join Jim and Wes as they battle bufferbloat, latency spikes, and network hogs with some of their favorite tools for traffic shaping, firewalling, and QoS.

Plus the importance of sane defaults and why netdata belongs on every system.

Links:

Why you want QoS - Netdata Documentation — One of the features the Linux kernel has, but it is rarely used, is its ability to apply QoS on traffic. Even most interesting is that it can apply QoS to both inbound and outbound traffic.

FireQOS Wiki — FireQOS is a helper to assist you configure traffic shaping on Linux.

tc(8) man page — Traffic Control consists of the following:
SHAPING
When traffic is shaped, its rate of transmission is under control. Shaping may be more than lowering the available bandwidth - it is also used to smooth out bursts in traffic for better network behaviour. Shaping occurs on egress.
SCHEDULING
By scheduling the transmission of packets it is possible to improve interactivity for traffic that needs it while still guaranteeing bandwidth to bulk transfers. Reordering is also called prioritizing, and happens only on egress.
POLICING
Where shaping deals with transmission of traffic, policing pertains to traffic arriving. Policing thus occurs on ingress.
DROPPING
Traffic exceeding a set bandwidth may also be dropped forthwith, both on ingress and on egress.

Overview of Traffic Control Concepts — Traffic control is the name given to the sets of queuing systems and mechanisms by which packets are received and transmitted on a router. This includes deciding which (and whether) packets to accept at what rate on the input of an interface and determining which packets to transmit in what order at what rate on the output of an interface.

ZFS On Linux Landing Workaround For Linux 5.0 Kernel Support — So while these symbols are important for SIMD vectorized checksums for ZFS in the name of performance, with Linux 5.0+ they are not going to be exported for use by non-GPL modules. ZFS On Linux developer Tony Hutter has now staged a change that would disable vector instructions on Linux 5.0+ kernels.

The future of ZFS in FreeBSD — This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD's ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly so that we might all have a singleshared code base.

Dephix: Kickoff to The Future — OpenZFS has grown over the last decade, and delivering our application on Linux provides great OpenZFS support while enabling higher velocity adoption of new environments.

The future of ZFS on Linux [zfs-discuss] —
Do you realize that we don’t actually need the symbols that the kernel removed. It All they do is save/restore of register state while turning off/on preemption. Nothing stops us from doing that ourselves. It is possible to implement our own substitutes using code from either Illumos or FreeBSD or even write our own.
Honestly, I am beginning to think that my attempt to compromise with mainline gave the wrong impression. I am simply tired of this behavior by them and felt like reaching out to put an end to it. In a few weeks, we will likely be running on Linux 5.0 as if those symbols had never been removed because we will almost certainly have our own substitutes for them. Having to bloat our code because mainline won’t give us access to trivial functionality is annoying, but it is not the end of the world.

]]>
Jim and Wes are joined by OpenZFS developer Richard Yao to explain why the recent drama over Linux kernel 5.0 is no big deal, and how his fix for the underlying issue might actually make things faster.

Plus the nitty-gritty details of vectorized optimizations and kernel preemption, and our thoughts on the future of the relationship between ZFS and Linux.

ZFS On Linux Landing Workaround For Linux 5.0 Kernel Support — So while these symbols are important for SIMD vectorized checksums for ZFS in the name of performance, with Linux 5.0+ they are not going to be exported for use by non-GPL modules. ZFS On Linux developer Tony Hutter has now staged a change that would disable vector instructions on Linux 5.0+ kernels.

The future of ZFS in FreeBSD — This state of affairs has led to a general agreement among the stakeholders that I have spoken to that it makes sense to rebase FreeBSD's ZFS on ZoL. Brian Behlendorf has graciously encouraged me to add FreeBSD support directly so that we might all have a singleshared code base.

Dephix: Kickoff to The Future — OpenZFS has grown over the last decade, and delivering our application on Linux provides great OpenZFS support while enabling higher velocity adoption of new environments.

The future of ZFS on Linux [zfs-discuss] —
Do you realize that we don’t actually need the symbols that the kernel removed. It All they do is save/restore of register state while turning off/on preemption. Nothing stops us from doing that ourselves. It is possible to implement our own substitutes using code from either Illumos or FreeBSD or even write our own.
Honestly, I am beginning to think that my attempt to compromise with mainline gave the wrong impression. I am simply tired of this behavior by them and felt like reaching out to put an end to it. In a few weeks, we will likely be running on Linux 5.0 as if those symbols had never been removed because we will almost certainly have our own substitutes for them. Having to bloat our code because mainline won’t give us access to trivial functionality is annoying, but it is not the end of the world.

Looking Forward to 2019 - Let's Encrypt — We’re now serving more than 150 million websites while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 67% encrypted page loads to 77% in 2018, according to statistics from Mozilla. This is an incredible rate of change!

Let's Encrypt ACME v2 API Announcements — Now that the draft standard is in last-call and the pace of major changes has slowed, we’re able to release a “v2” API that is much closer to what will become the final ACME RFC.

Let's Encrypt disables TLS-SNI-01 validation — The researcher noticed that "at least two" large hosting providers host many users on the same IP address and users are able to upload certificates for arbitrary names without proving they have control of a domain.

Looking Forward to 2019 - Let's Encrypt — We’re now serving more than 150 million websites while maintaining a stellar security and compliance track record. Most importantly though, the Web went from 67% encrypted page loads to 77% in 2018, according to statistics from Mozilla. This is an incredible rate of change!

Let's Encrypt ACME v2 API Announcements — Now that the draft standard is in last-call and the pace of major changes has slowed, we’re able to release a “v2” API that is much closer to what will become the final ACME RFC.

Let's Encrypt disables TLS-SNI-01 validation — The researcher noticed that "at least two" large hosting providers host many users on the same IP address and users are able to upload certificates for arbitrary names without proving they have control of a domain.

]]>
394: All About Azurehttps://techsnap.systems/394
2e588701-e7a1-4462-99fa-e7ea2275b375Thu, 10 Jan 2019 04:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingWes is joined by a special guest to take a look back on the growth and development of Azure in 2018 and discuss some of its unique strengths.26:09noWes is joined by a special guest to take a look back on the growth and development of Azure in 2018 and discuss some of its unique strengths. Special Guest: Chad M. Crowell.
Azure, Microsoft, AWS, Cloud, command line, virtualization, Hybrid Cloud, Active Directory, VPC, VPN, Powershell, Powershell core, Azure Sphere, Azure Stack, File Sync, MSSQL, Windows, Linux, Security, Networking, SysAdmin podcast, DevOps, TechSNAP
Wes is joined by a special guest to take a look back on the growth and development of Azure in 2018 and discuss some of its unique strengths.

]]>
393: Back to our /rootshttps://techsnap.systems/393
1126dc11-7156-4c4d-84f1-a9aa9bf4ebcfThu, 03 Jan 2019 04:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingIn a special new year’s episode we take a moment to reflect on the show’s past, its future, and say goodbye to an old friend.22:22noIn a special new year’s episode we take a moment to reflect on the show’s past, its future, and say goodbye to an old friend.
Security Breach, Flash, AWS, Cloud, Bitcoin, Dropbox, Sony, PSN Breach, Wordpress, SSL, TLS, Allan Jude, FreeBSD, Jim Salter, Information Density, Automation, Bitcoin, Security, Networking, SysAdmin podcast, DevOps, TechSNAP
In a special new year’s episode we take a moment to reflect on the show’s past, its future, and say goodbye to an old friend.

Links:

Jim Salter — Jim Salter (@jrssnet) is an author, public speaker, small business owner, mercenary sysadmin, and father of three—not necessarily in that order. He got his first real taste of open source by running Apache on his very own dedicated FreeBSD 3.1 server back in 1999, and he's been a fierce advocate of FOSS ever since.

]]>
In a special new year’s episode we take a moment to reflect on the show’s past, its future, and say goodbye to an old friend.

Links:

Jim Salter — Jim Salter (@jrssnet) is an author, public speaker, small business owner, mercenary sysadmin, and father of three—not necessarily in that order. He got his first real taste of open source by running Apache on his very own dedicated FreeBSD 3.1 server back in 1999, and he's been a fierce advocate of FOSS ever since.

Demystifying Kubernetes CVE-2018-1002105 — With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.

Demystifying Kubernetes CVE-2018-1002105 — With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.

VENOM Vulnerability — VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.

s2n — s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority.

OpenBGPD — OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.

Sennheiser Headset Software Could Allow Man-in-the-Middle SSL Attacks — When users have been installing Sennheiser's HeadSetup software, little did they know that the software was also installing a root certificate into the Trusted Root CA Certificate store. To make matters worse, the software was also installing an encrypted version of the certificate's private key that was not as secure as the developers may have thought.

VENOM Vulnerability — VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.

s2n — s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority.

OpenBGPD — OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.

Sennheiser Headset Software Could Allow Man-in-the-Middle SSL Attacks — When users have been installing Sennheiser's HeadSetup software, little did they know that the software was also installing a root certificate into the Trusted Root CA Certificate store. To make matters worse, the software was also installing an encrypted version of the certificate's private key that was not as secure as the developers may have thought.

]]>
Episode 390: What’s Up with WireGuardhttps://techsnap.systems/390
6cd3cd3c-79c7-4978-8102-042f935a1344Thu, 22 Nov 2018 10:30:00 -0800Jupiter BroadcastingfullJupiter BroadcastingWireGuard has a lot of buzz around it and for many good reasons. We’ll explain what WireGuard is specifically, what it can do, and maybe more importantly, what it can’t.34:55noWireGuard has a lot of buzz around it and for many good reasons. We’ll explain what WireGuard is specifically, what it can do, and maybe more importantly, what it can’t. Special Guest: Jim Salter.
WireGuard, VPN, IPSEC, Linux, Algo, Private Networking, Jim Salter, ssh, Security, Networking, SysAdmin podcast, DevOps, TechSNAP
WireGuard has a lot of buzz around it and for many good reasons. We’ll explain what WireGuard is specifically, what it can do, and maybe more importantly, what it can’t.

]]>
Episode 388: The One About eBPFhttps://techsnap.systems/388
64a6b392-dd6b-4be1-805a-e88b17e029ecThu, 25 Oct 2018 15:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe explain what eBPF is, how it works, and its proud BSD production legacy.36:57noWe explain what eBPF is, how it works, and its proud BSD production legacy.
eBPF is a technology that you’re going to be hearing more and more about. It powers low-overhead custom analysis tools, handles network security in a containerized world, and powers tools you use every day.
MeetBSD, BPF, eBPF, Linux, LWN, Linus, seccomp, XDP, bpfilter, virtual machine, tracing, observability, bcc, bpftrace, dtrace, monitoring, bytecode, up, ultimate plumber, pipecut, networking, security, containers, kernel, shell, pipeline, instrumentation, kprobe, tcpdump, SysAdmin, DevOps, TechSNAP
We explain what eBPF is, how it works, and its proud BSD production legacy.

eBPF is a technology that you’re going to be hearing more and more about. It powers low-overhead custom analysis tools, handles network security in a containerized world, and powers tools you use every day.

BPF - the forgotten bytecode — All this changed in 1993 when Steven McCanne and Van Jacobson published the paper introducing a better way of filtering packets in the kernel, they called it "The BSD Packet Filter" (BPF)

eBPF: Past, Present, and Future — The Extended Berkeley Packet Filter, or eBPF, has rapidly been adopted into a number of Linux kernel systems since its introduction into the Linux kernel in late 2014. Understanding eBPF, however, can be difficult as many try to explain it via a use of eBPF as opposed to its design. Indeed eBPF's name indicates that it is for packet filtering even though it now has uses which have nothing to do with networking.

Using eBPF in Kubernetes — Cilium is a networking project that makes heavy use of eBPF superpowers to route and filter network traffic for container-based systems. By using eBPF, Cilium can dynamically generate and apply rules—even at the device level with XDP—without making changes to the Linux kernel itself

Why is the kernel community replacing iptables with BPF? — The Linux kernel community recently announced bpfilter, which will replace the long-standing in-kernel implementation of iptables with high-performance network filtering powered by Linux BPF, all while guaranteeing a non-disruptive transition for Linux users.

bpftrace (DTrace 2.0) for Linux 2018 — Created by Alastair Robertson, bpftrace is an open source high-level tracing front-end that lets you analyze systems in custom ways. It's shaping up to be a DTrace version 2.0: more capable, and built from the ground up for the modern era of the eBPF virtual machine.

Linux eBPF Tracing Tools — This page shows examples of performance analysis tools using enhancements to BPF (Berkeley Packet Filter) which were added to the Linux 4.x series kernels, allowing BPF to do much more than just filtering packets. These enhancements allow custom analysis programs to be executed on Linux dynamic tracing, static tracing, and profiling events.

]]>
We explain what eBPF is, how it works, and its proud BSD production legacy.

eBPF is a technology that you’re going to be hearing more and more about. It powers low-overhead custom analysis tools, handles network security in a containerized world, and powers tools you use every day.

BPF - the forgotten bytecode — All this changed in 1993 when Steven McCanne and Van Jacobson published the paper introducing a better way of filtering packets in the kernel, they called it "The BSD Packet Filter" (BPF)

eBPF: Past, Present, and Future — The Extended Berkeley Packet Filter, or eBPF, has rapidly been adopted into a number of Linux kernel systems since its introduction into the Linux kernel in late 2014. Understanding eBPF, however, can be difficult as many try to explain it via a use of eBPF as opposed to its design. Indeed eBPF's name indicates that it is for packet filtering even though it now has uses which have nothing to do with networking.

Using eBPF in Kubernetes — Cilium is a networking project that makes heavy use of eBPF superpowers to route and filter network traffic for container-based systems. By using eBPF, Cilium can dynamically generate and apply rules—even at the device level with XDP—without making changes to the Linux kernel itself

Why is the kernel community replacing iptables with BPF? — The Linux kernel community recently announced bpfilter, which will replace the long-standing in-kernel implementation of iptables with high-performance network filtering powered by Linux BPF, all while guaranteeing a non-disruptive transition for Linux users.

bpftrace (DTrace 2.0) for Linux 2018 — Created by Alastair Robertson, bpftrace is an open source high-level tracing front-end that lets you analyze systems in custom ways. It's shaping up to be a DTrace version 2.0: more capable, and built from the ground up for the modern era of the eBPF virtual machine.

Linux eBPF Tracing Tools — This page shows examples of performance analysis tools using enhancements to BPF (Berkeley Packet Filter) which were added to the Linux 4.x series kernels, allowing BPF to do much more than just filtering packets. These enhancements allow custom analysis programs to be executed on Linux dynamic tracing, static tracing, and profiling events.

]]>
Episode 387: Private Cloud Building Blockshttps://techsnap.systems/387
c6e35c4d-a8a5-4394-8e7f-9acd91aa5aa2Thu, 11 Oct 2018 17:45:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe bring in Amy Marrich to break down the building blocks of OpenStack. There are nearly an overwhelming number of ways to manage your infrastructure, and we learn about one of the original tools.33:37noWe bring in Amy Marrich to break down the building blocks of OpenStack. There are nearly an overwhelming number of ways to manage your infrastructure, and we learn about one of the original tools.
Plus a few warm up stories, a war story, and more.
Special Guest: Amy Marrich.
IPFS, Phishing, RFC, Uber, Writing Things Down, Kata Containers, Containers, Kubernetes, CRI, Private Cloud, OpenStack, Rocky, Zun, Zuul, Magnum, Ansible, Amy Marrich, SysAdmin, Rachel Kroll, OpenStack Training Artichect, TechSNAP
We bring in Amy Marrich to break down the building blocks of OpenStack. There are nearly an overwhelming number of ways to manage your infrastructure, and we learn about one of the original tools.

Scaling Engineering Teams via Writing Things Down and Sharing — I have recently been talking at small and mid-size companies, sharing engineering best practices I see us use at Uber, which I would recommend any tech company adopt as they are growing. The one topic that gets both the most raised eyebrows, as well the most "aha!" moments is the one on how the planning process for engineering has worked since the early years of Uber.

Scaling Engineering Teams via Writing Things Down and Sharing — I have recently been talking at small and mid-size companies, sharing engineering best practices I see us use at Uber, which I would recommend any tech company adopt as they are growing. The one topic that gets both the most raised eyebrows, as well the most "aha!" moments is the one on how the planning process for engineering has worked since the early years of Uber.

]]>
Episode 385: 3 Things to Know About Kuberneteshttps://techsnap.systems/385
f656bfc9-76fe-45b3-b238-3cff6b0acfacThu, 27 Sep 2018 16:15:00 -0700Jupiter BroadcastingfullJupiter BroadcastingKubernetes expert Will Boyd joins us to explain the top 3 things to know about Kubernetes, when it’s the right tool for the job, and building highly available production grade clusters.23:09noKubernetes expert Will Boyd joins us to explain the top 3 things to know about Kubernetes, when it’s the right tool for the job, and building highly available production grade clusters.
Plus the privacy improvements that could be coming to HTTPS, and a new SSH auditing tool hits the open source scene.
Special Guest: Will Boyd.
HASSH, SSH, ESNI, SNI, HTTPS, Cloudflare, Salesforce, Kubernetes, Clonezilla, Kubernetes the hard way, Minikube, kubeadm, Will Boyd, Sysadmin Podcast, TechSNAP
Kubernetes expert Will Boyd joins us to explain the top 3 things to know about Kubernetes, when it’s the right tool for the job, and building highly available production grade clusters.

Plus the privacy improvements that could be coming to HTTPS, and a new SSH auditing tool hits the open source scene.

Special Guest: Will Boyd.

Links:

Open Sourcing HASSH — HASSH is a network fingerprinting standard invented within the Detection Cloud team at Salesforce.

ESNI: A Privacy-Protecting Upgrade to HTTPS — Today, Cloudflare is announcing a major step toward closing this privacy hole and enhancing the privacy protections that HTTPS offers. Cloudflare has proposed a technical standard for encrypted SNI, or “ESNI,” which can hide the identities of the sites you visit—particularly when a large number of sites are hosted on a single set of IP addresses

Clonezilla — Clonezilla is a partition and disk imaging/cloning program similar to True Image or Norton Ghost.

]]>
Kubernetes expert Will Boyd joins us to explain the top 3 things to know about Kubernetes, when it’s the right tool for the job, and building highly available production grade clusters.

Plus the privacy improvements that could be coming to HTTPS, and a new SSH auditing tool hits the open source scene.

Special Guest: Will Boyd.

Links:

Open Sourcing HASSH — HASSH is a network fingerprinting standard invented within the Detection Cloud team at Salesforce.

ESNI: A Privacy-Protecting Upgrade to HTTPS — Today, Cloudflare is announcing a major step toward closing this privacy hole and enhancing the privacy protections that HTTPS offers. Cloudflare has proposed a technical standard for encrypted SNI, or “ESNI,” which can hide the identities of the sites you visit—particularly when a large number of sites are hosted on a single set of IP addresses

GovPayNow.com Leaks 14M+ Records — Government Payment Service Inc. has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.

Cloudflare goes InterPlanetary — Today we’re excited to introduce Cloudflare’s IPFS Gateway, an easy way to access content from the InterPlanetary File System (IPFS) that doesn’t require installing and running any special software on your computer.

End-to-End Integrity with IPFS — This post describes how to use Cloudflare's IPFS gateway to set up a website which is end-to-end secure, while maintaining the performance and reliability benefits of being served from Cloudflare’s edge network.

GovPayNow.com Leaks 14M+ Records — Government Payment Service Inc. has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.

Cloudflare goes InterPlanetary — Today we’re excited to introduce Cloudflare’s IPFS Gateway, an easy way to access content from the InterPlanetary File System (IPFS) that doesn’t require installing and running any special software on your computer.

End-to-End Integrity with IPFS — This post describes how to use Cloudflare's IPFS gateway to set up a website which is end-to-end secure, while maintaining the performance and reliability benefits of being served from Cloudflare’s edge network.

]]>
Episode 382: Domestic Disappointmentshttps://techsnap.systems/382
20c841ff-5ccf-4058-8e2d-f59364827c26Thu, 06 Sep 2018 19:15:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe’re joined by a special guest to discuss the failures of campaign security, the disastrous consequences of a mismanaged firewall, and the suspicious case of Speck.44:56yesWe’re joined by a special guest to discuss the failures of campaign security, the disastrous consequences of a mismanaged firewall, and the suspicious case of Speck.
Plus the latest vulnerabilities in Wireshark and OpenSSH, the new forensic hotness from Netflix, and some great introductions to cryptography.
Special Guest: Martin Wimpress.
eMail, Elections, Election Security, Espionage, Attachments, Security Keys, CIA, USA, Firewall, China, NSA, Speck, Android, Google, OpenSSH, SSH, Wireshark, CVE, CVSS, Security, TCP, ISP, BGP, 500 mile email, TCP RST, Diffy, Netflix, crypto, cryptography, diffy, netflix, manga, linux, devops, podcast
We’re joined by a special guest to discuss the failures of campaign security, the disastrous consequences of a mismanaged firewall, and the suspicious case of Speck.

Plus the latest vulnerabilities in Wireshark and OpenSSH, the new forensic hotness from Netflix, and some great introductions to cryptography.

]]>
Episode 381: Here Comes Cloud DNShttps://techsnap.systems/381
c8862a6f-bc3a-42f5-b1ff-c9e6282ed771Wed, 29 Aug 2018 15:45:00 -0700Jupiter BroadcastingfullJupiter BroadcastingTo make DNS more secure, we must move it to the cloud! At least that’s what Mozilla and Google suggest. We breakdown DNS-over-HTTPS, why it requires a “cloud” component, and the advantages it has over traditional DNS.23:53noTo make DNS more secure, we must move it to the cloud! At least that’s what Mozilla and Google suggest. We breakdown DNS-over-HTTPS, why it requires a “cloud” component, and the advantages it has over traditional DNS.
Plus new active attacks against Apache Struts, and a Windows 10 zero-day exposed on Twitter.
DoH, DNS Over Https, Cloudflare, Cloudflare Resolver, Windows 10, Mozilla, Struts, Apache, CVE-2018-11776, Zero-Day, SandboxEscaper, Netdata, Advanced Local Procedure Call, Sysadmin podcast, techsnap
To make DNS more secure, we must move it to the cloud! At least that’s what Mozilla and Google suggest. We breakdown DNS-over-HTTPS, why it requires a “cloud” component, and the advantages it has over traditional DNS.

Plus new active attacks against Apache Struts, and a Windows 10 zero-day exposed on Twitter.

Netdata: Get control of your servers. — netdata is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real-time, of everything happening on the system it runs (including applications such as web and database servers), using modern interactive web dashboards.

State of Software Distribution - 2018 — Few enterprises possess the ability to deploy the latest software and security patches at scale, putting their cybersecurity and business performance at risk. In the 2018 State of Software Distribution Report, we explore why IT decision makers say they struggle to keep up with the software distribution needs of the modern enterprise.

]]>
To make DNS more secure, we must move it to the cloud! At least that’s what Mozilla and Google suggest. We breakdown DNS-over-HTTPS, why it requires a “cloud” component, and the advantages it has over traditional DNS.

Plus new active attacks against Apache Struts, and a Windows 10 zero-day exposed on Twitter.

Netdata: Get control of your servers. — netdata is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real-time, of everything happening on the system it runs (including applications such as web and database servers), using modern interactive web dashboards.

State of Software Distribution - 2018 — Few enterprises possess the ability to deploy the latest software and security patches at scale, putting their cybersecurity and business performance at risk. In the 2018 State of Software Distribution Report, we explore why IT decision makers say they struggle to keep up with the software distribution needs of the modern enterprise.

]]>
Episode 377: Linux Under Pressurehttps://techsnap.systems/377
01754d0c-6956-4f6e-a545-e7ec9f178bb5Wed, 01 Aug 2018 10:30:00 -0700Jupiter BroadcastingfullJupiter BroadcastingSome new tools will give you better insights into your system under extreme load, and we flash back to the days of AOL and discuss the new way social hackers are spreading malware.29:15noSome new tools will give you better insights into your system under extreme load, and we flash back to the days of AOL and discuss the new way social hackers are spreading malware.
Plus the death of a TLD, the return of SamSam, and more!
PSI, oomd, Facebook, out-of-memory, oom, SamSam, Ransomeware, Malware, cryptoware, Open source Jobs, Sysadmin Podcast, TechSNAP
Some new tools will give you better insights into your system under extreme load, and we flash back to the days of AOL and discuss the new way social hackers are spreading malware.

Chinese “hackers” are sending malware via snail mail — The trick is simple: a package arrives with a Chinese postmark containing a rambling message and a small CD. The CD, in turn, contains a set of Word files that include script-based malware. These scripts run when the victims access them on their computers, presumably resulting in compromised systems.

SamSam: The (almost) $6 million ransomware — Through original analysis, interviews and research, and by collaborating closely with industry partners and a specialist cryptocurrency monitoring organisation, Sophos has uncovered new details about how the secretive and sophisticated SamSam ransomware is used, who’s been targeted, how it works and how it’s evolving.

Open sourcing oomd, a new approach to handling OOMs — As our infrastructure has scaled, we’ve found that an increasing fraction of our machines and networks span multiple generations. One side effect of this multigenerational production environment is that a new software release or configuration change might result in a system running healthily on one machine but experiencing an out-of-memory (OOM) issue on another.

Chinese “hackers” are sending malware via snail mail — The trick is simple: a package arrives with a Chinese postmark containing a rambling message and a small CD. The CD, in turn, contains a set of Word files that include script-based malware. These scripts run when the victims access them on their computers, presumably resulting in compromised systems.

SamSam: The (almost) $6 million ransomware — Through original analysis, interviews and research, and by collaborating closely with industry partners and a specialist cryptocurrency monitoring organisation, Sophos has uncovered new details about how the secretive and sophisticated SamSam ransomware is used, who’s been targeted, how it works and how it’s evolving.

Open sourcing oomd, a new approach to handling OOMs — As our infrastructure has scaled, we’ve found that an increasing fraction of our machines and networks span multiple generations. One side effect of this multigenerational production environment is that a new software release or configuration change might result in a system running healthily on one machine but experiencing an out-of-memory (OOM) issue on another.

]]>
Episode 373: FreeBSD Already Does Thathttps://techsnap.systems/373
0888564b-a3e6-446c-9713-e9f8dbad9f5aThu, 05 Jul 2018 07:45:00 -0700Jupiter BroadcastingfullJupiter BroadcastingAllan Jude and Wes sit-down for a special live edition of the TechSNAP program.1:35:35noAllan Jude and Wes sit-down for a special live edition of the TechSNAP program.
Joined by Jed and Jeff they have a wide ranging organic conversation. Special Guest: Allan Jude.
Stock exchange outage, UPS Failure, Server Rack Death, solar, IT culture, sysadmin podcast, techsnap
Allan Jude and Wes sit-down for a special live edition of the TechSNAP program.

]]>
Episode 372: Logs and Metrics and Traces, Oh My!https://techsnap.systems/372
202308b7-ed73-4cec-bfff-12b25ddb621dThu, 14 Jun 2018 16:45:00 -0700Jupiter BroadcastingfullJupiter BroadcastingNetflix has learned the hard way how to utilize all the logs, we cover their lessons in their journey to build a fully observable system.36:01noNetflix has learned the hard way how to utilize all the logs, we cover their lessons in their journey to build a fully observable system.
Plus the Lazy State FPU bug that cropped up this week, backdoored Docker images, your questions, and more!
Netflix has learned the hard way how to utilize all the logs, we cover their lessons in their journey to build a fully observable system.

Plus the Lazy State FPU bug that cropped up this week, backdoored Docker images, your questions, and more!

]]>
Episode 371: They Never Learnhttps://techsnap.systems/371
6c8e575e-ede8-4bae-b569-b82e0be33374Thu, 07 Jun 2018 15:15:00 -0700Jupiter BroadcastingfullJupiter BroadcastingMicrosoft puts a data center under the ocean, and they might be onto something. The Zip Slip vulnerability sneaks into your software, and VPNFilter turns out to be more complicated than first known.44:23noMicrosoft puts a data center under the ocean, and they might be onto something. The Zip Slip vulnerability sneaks into your software, and VPNFilter turns out to be more complicated than first known.
Plus the mass exploit of Drupalgeddon2 continues, we break down why, a batch of questions, and more.
Microsoft puts a data center under the ocean, and they might be onto something. The Zip Slip vulnerability sneaks into your software, and VPNFilter turns out to be more complicated than first known.

Plus the mass exploit of Drupalgeddon2 continues, we break down why, a batch of questions, and more.

]]>
Microsoft puts a data center under the ocean, and they might be onto something. The Zip Slip vulnerability sneaks into your software, and VPNFilter turns out to be more complicated than first known.

Plus the mass exploit of Drupalgeddon2 continues, we break down why, a batch of questions, and more.

]]>
Episode 370: Hidden in Plain Sighthttps://techsnap.systems/370
cbe34348-d2f2-41f1-8480-38bdbc5dd8ceFri, 01 Jun 2018 08:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe explain how the much hyped VPNFilter malware actually works, and its rather surprising sophistication.51:29noWe explain how the much hyped VPNFilter malware actually works, and its rather surprising sophistication.
Plus a clear break down of the recent Kubernetes news, how a 40 year old tel-co protocol is being abused today, and a Git vulnerability you should know about.
We explain how the much hyped VPNFilter malware actually works, and its rather surprising sophistication.

Plus a clear break down of the recent Kubernetes news, how a 40 year old tel-co protocol is being abused today, and a Git vulnerability you should know about.

]]>
Episode 369: Another Pass at Bypasshttps://techsnap.systems/369
c9e44cac-c711-4e40-a417-2d0ecc5712e7Wed, 23 May 2018 14:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe’ll explain how Speculative Store Bypass works, and the new mitigation techniques that are inbound. 44:43noWe’ll explain how Speculative Store Bypass works, and the new mitigation techniques that are inbound.
Plus this week’s security news has a bit of a theme, and we share some great war stories sent into the show.
We’ll explain how Speculative Store Bypass works, and the new mitigation techniques that are inbound.

Plus this week’s security news has a bit of a theme, and we share some great war stories sent into the show.

]]>
Episode 368: EFail Explainedhttps://techsnap.systems/368
810af786-1ddc-475f-82e7-65a38debf64eTue, 15 May 2018 12:45:00 -0700Jupiter BroadcastingfullJupiter BroadcastingThe EFail hype-train has hit hypersonic speed, we’ll tap the breaks and explain who disclosed it, what it is, what it’s not, our recommendations, and early reactions.36:47noThe EFail hype-train has hit hypersonic speed, we’ll tap the breaks and explain who disclosed it, what it is, what it’s not, our recommendations, and early reactions.
Plus things to consider when deciding on-premises vs a cloud deployment, and the all business gadget from 1971 that kicked off the consumer electronics revolution.
The EFail hype-train has hit hypersonic speed, we’ll tap the breaks and explain who disclosed it, what it is, what it’s not, our recommendations, and early reactions.

Plus things to consider when deciding on-premises vs a cloud deployment, and the all business gadget from 1971 that kicked off the consumer electronics revolution.

]]>
Episode 367: FreeNAS Uber Buildhttps://techsnap.systems/367
7e453cc2-5a2c-46a3-8ff4-eaec869e0ddeTue, 08 May 2018 17:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingOur FreeNAS build is complete and Allan’s back to cover the final details. Plus the new GPU attack against Android phones, and a perfect example of poor IoT security.37:04noOur FreeNAS build is complete and Allan’s back to cover the final details. Plus the new GPU attack against Android phones, and a perfect example of poor IoT security.
Our FreeNAS build is complete and Allan’s back to cover the final details. Plus the new GPU attack against Android phones, and a perfect example of poor IoT security.

Rooting a Logitech Harmony Hub — Exploitation of these vulnerabilities from the local network could allow an attacker to control the devices linked to the Hub as well as use the Hub as an execution space to attack other devices on the local network

Humble Book Bundle: DevOps by Packt (pay what you want and help charity) — This software engineering bundle is Packt with information! Streamline your processes with ebooks like Automate it!, DevOps for Networking, Mastering Ansible, and Continuous Delivery with Docker and Jenkins. You'll also get helpful videos including Mastering DevOps, Mastering Windows PowerShell 5 Administration, Learning Kubernetes, and more.

]]>
Our FreeNAS build is complete and Allan’s back to cover the final details. Plus the new GPU attack against Android phones, and a perfect example of poor IoT security.

Rooting a Logitech Harmony Hub — Exploitation of these vulnerabilities from the local network could allow an attacker to control the devices linked to the Hub as well as use the Hub as an execution space to attack other devices on the local network

Humble Book Bundle: DevOps by Packt (pay what you want and help charity) — This software engineering bundle is Packt with information! Streamline your processes with ebooks like Automate it!, DevOps for Networking, Mastering Ansible, and Continuous Delivery with Docker and Jenkins. You'll also get helpful videos including Mastering DevOps, Mastering Windows PowerShell 5 Administration, Learning Kubernetes, and more.

]]>
Episode 366: Catching up with Allanhttps://techsnap.systems/366
c3a8238e-1697-4086-90d1-7b9a02d8379cWed, 02 May 2018 15:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe catch up with Allan Jude and he shares stories of hunting network bottlenecks, memories of old firewalls, and some classic ZFS updates.48:32noWe catch up with Allan Jude and he shares stories of hunting network bottlenecks, memories of old firewalls, and some classic ZFS updates.
Plus the vulnerabilities found in Volkswagen cars, and the lengths a security research went to create the ultimate honeypot laptop. Special Guest: Allan Jude.
We catch up with Allan Jude and he shares stories of hunting network bottlenecks, memories of old firewalls, and some classic ZFS updates.

Plus the vulnerabilities found in Volkswagen cars, and the lengths a security research went to create the ultimate honeypot laptop.

Atlanta spends more than $2 million to recover from ransomware attack — . It appears that firms Secureworks and Ernst & Young were paid $650,000 and $600,000, respectively, for emergency services while Edelman was paid $50,000 for crisis communication services. Overall, the funds seemingly applied to the ransomware attack response add up to approximately $2.7 million.

Google Chrome 66 Released Today Focuses on Security — The biggest change is that Google Chrome will start showing SSL certificate errors for all Symantec certs issued before June 1, 2016. This is "stage two" of Google's long-term plan on distrusting Symantec certificates altogether.

VMware Patches Pwn2Own VM Escape Vulnerabilities — VMware on Tuesday patched a series of vulnerabilities uncovered earlier this month at Pwn2Own. The flaws enabled an attacker to execute code on a workstation and carry out a virtual machine escape to attack a host server.

Atlanta spends more than $2 million to recover from ransomware attack — . It appears that firms Secureworks and Ernst & Young were paid $650,000 and $600,000, respectively, for emergency services while Edelman was paid $50,000 for crisis communication services. Overall, the funds seemingly applied to the ransomware attack response add up to approximately $2.7 million.

Google Chrome 66 Released Today Focuses on Security — The biggest change is that Google Chrome will start showing SSL certificate errors for all Symantec certs issued before June 1, 2016. This is "stage two" of Google's long-term plan on distrusting Symantec certificates altogether.

VMware Patches Pwn2Own VM Escape Vulnerabilities — VMware on Tuesday patched a series of vulnerabilities uncovered earlier this month at Pwn2Own. The flaws enabled an attacker to execute code on a workstation and carry out a virtual machine escape to attack a host server.

]]>
Episode 364: The Case for Monitoringhttps://techsnap.systems/364
a667b0ef-12f5-4934-aea6-f713674f2647Wed, 18 Apr 2018 12:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe cover all the bases this week in our TechSNAP introduction to server monitoring.37:43noWe cover all the bases this week in our TechSNAP introduction to server monitoring.
Why you should monitor, what you should monitor, the basics of Nagios, the biggest drawbacks of Nagios, its alternatives, and our lessons learned from the trenches.
We cover all the bases this week in our TechSNAP introduction to server monitoring.

Why you should monitor, what you should monitor, the basics of Nagios, the biggest drawbacks of Nagios, its alternatives, and our lessons learned from the trenches.

Why Bother with Server Monitoring? — Once a network or server has been installed, how do you know it is working as it should? Just like a car or any appliance, it may need maintenance or parts replaced to keep it in top working order. Network and server monitoring allows the Network Administrator to see how hardware and software are performing. We can look for certain signs or warnings that the system is not working efficiently and take action to fix things to prevent system degradation or failure.

A Real Example Of Nagios Monitoring —
There are two major problems the monitoring solves: alerting and trending. Alerting is to notify the person in charge about a major event like service failing to work. Trending is to track the change of something over time – disk or memory usage, replication lag etc.

Sensu — Sensu’s platform is the solution to the monitoring problems you’re facing today, and the right foundation for your organization tomorrow. From bare metal to Kubernetes—get complete visibility across every system, every protocol, every time.

Icinga 2 — With the RESTful API of Icinga 2 you can update your configurations on the fly or show live information about current problems on your custom dashboards. You can process check results from third party tools or tell the Core to run actions interactively. The interface is secured with SSL. Access control can be configured fine grained and per user.

Why Bother with Server Monitoring? — Once a network or server has been installed, how do you know it is working as it should? Just like a car or any appliance, it may need maintenance or parts replaced to keep it in top working order. Network and server monitoring allows the Network Administrator to see how hardware and software are performing. We can look for certain signs or warnings that the system is not working efficiently and take action to fix things to prevent system degradation or failure.

A Real Example Of Nagios Monitoring —
There are two major problems the monitoring solves: alerting and trending. Alerting is to notify the person in charge about a major event like service failing to work. Trending is to track the change of something over time – disk or memory usage, replication lag etc.

Sensu — Sensu’s platform is the solution to the monitoring problems you’re facing today, and the right foundation for your organization tomorrow. From bare metal to Kubernetes—get complete visibility across every system, every protocol, every time.

Icinga 2 — With the RESTful API of Icinga 2 you can update your configurations on the fly or show live information about current problems on your custom dashboards. You can process check results from third party tools or tell the Core to run actions interactively. The interface is secured with SSL. Access control can be configured fine grained and per user.

]]>
Episode 363: Tips from the Tophttps://techsnap.systems/363
2f57aaaa-4b64-4c6f-809f-121a3710a543Thu, 12 Apr 2018 13:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingGetting started or getting ahead in IT is a moving target, so we’ve crowd sourced some of the best tips and advice to help.35:13noGetting started or getting ahead in IT is a moving target, so we’ve crowd sourced some of the best tips and advice to help.
Plus a tricky use of zero-width characters to catch a leaker, a breakdown of the new BranchScope attack, and a full post-mortem of the recent Travis CI outage.
Getting started or getting ahead in IT is a moving target, so we’ve crowd sourced some of the best tips and advice to help.

Plus a tricky use of zero-width characters to catch a leaker, a breakdown of the new BranchScope attack, and a full post-mortem of the recent Travis CI outage.

]]>
Episode 362: Rebuilding it Betterhttps://techsnap.systems/362
a2457c20-9cb0-41b9-9599-ed6235873934Thu, 05 Apr 2018 04:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingIt’s a TechSNAP introduction to Terraform, a tool for building, changing, and versioning infrastructure safely and efficiently. 35:11noIt’s a TechSNAP introduction to Terraform, a tool for building, changing, and versioning infrastructure safely and efficiently.
Plus a recent spat of data leaks suggest a common theme, Microsoft’s self inflicted Total Meltdown flaw, and playing around with DNS Rebinding attacks for fun.
It’s a TechSNAP introduction to Terraform, a tool for building, changing, and versioning infrastructure safely and efficiently.

Plus a recent spat of data leaks suggest a common theme, Microsoft’s self inflicted Total Meltdown flaw, and playing around with DNS Rebinding attacks for fun.

Panerabread.com Leaks Millions of Customer Records — Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.

Total Meltdown — In short - the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.

Terraform by HashiCorp — HashiCorp Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.

Terraforming 1Password - AgileBits Blog — Most of the 2 hours and 39 minutes of downtime were related to data migration. The 1Password.com database is just under 1TB in size (not including documents and attachments), and it took almost two hours to complete the snapshot and restore operations.

Panerabread.com Leaks Millions of Customer Records — Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.

Total Meltdown — In short - the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.

Terraform by HashiCorp — HashiCorp Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.

Terraforming 1Password - AgileBits Blog — Most of the 2 hours and 39 minutes of downtime were related to data migration. The 1Password.com database is just under 1TB in size (not including documents and attachments), and it took almost two hours to complete the snapshot and restore operations.

]]>
Episode 361: It's All in the Loghttps://techsnap.systems/361
60c0569a-55b4-446f-bf42-6d017d933f4fThu, 29 Mar 2018 08:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingEmbarrassing flaws get exposed when the logs get reviewed, Atlanta city government gets shut down by Ransomware, and the cleverest little Android malware you’ll ever meet.
32:49noEmbarrassing flaws get exposed when the logs get reviewed, Atlanta city government gets shut down by Ransomware, and the cleverest little Android malware you’ll ever meet.
Plus we go from a hacked client to a Zero-day discovery, answer some questions, ask a few, and more!
Embarrassing flaws get exposed when the logs get reviewed, Atlanta city government gets shut down by Ransomware, and the cleverest little Android malware you’ll ever meet.

Plus we go from a hacked client to a Zero-day discovery, answer some questions, ask a few, and more!

From hacked client to 0day discovery — The client’s account had been blocked because it was spotted sending spam. Once connected to the service, it was clear that the monthly quota of the account was almost reached and that the latest emails sent shown on the dashboard had content that were clearly spam.

From hacked client to 0day discovery — The client’s account had been blocked because it was spotted sending spam. Once connected to the service, it was clear that the monthly quota of the account was almost reached and that the latest emails sent shown on the dashboard had content that were clearly spam.

]]>
Episode 360: AMD Flaws Explainedhttps://techsnap.systems/360
2bdd82c5-b92f-4a94-af10-1fdc61f7a3a9Thu, 22 Mar 2018 12:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe cut through the noise and explain in clear terms what’s really been discovered. The botched disclosure of flaws in AMD products has overshadowed the technical details of the vulnerabilities, and we aim to fix that..29:09noWe cut through the noise and explain in clear terms what’s really been discovered. The botched disclosure of flaws in AMD products has overshadowed the technical details of the vulnerabilities, and we aim to fix that..
Plus another DNS Rebinding attack is in the wild and stealing Ethereum, Microsoft opens up a new bug bounty program, Expedia gets hacked, and we perform a TechSNAP checkup.
We cut through the noise and explain in clear terms what’s really been discovered. The botched disclosure of flaws in AMD products has overshadowed the technical details of the vulnerabilities, and we aim to fix that..

Plus another DNS Rebinding attack is in the wild and stealing Ethereum, Microsoft opens up a new bug bounty program, Expedia gets hacked, and we perform a TechSNAP checkup.

Microsoft Offers New Bug Bounties for Spectre, ... — Microsoft last week announced new bug bounties for speculative execution side-channel vulnerabilities. These vulnerabilities, of which Spectre and Meltdown were the first known examples, represent a new class of problem and Microsoft would like to know what else might be lurking in the neighborhood.

Microsoft patches RDP vulnerability. — Microsoft announced this week that they’ve released a preliminary fix for a vulnerability rated important, and present in all supported versions of Windows in circulation (basically any client or server version of Windows from 2008 onward).

Firefox Lockbox Extension — The Lockbox extension is a simple, stand-alone password manager that works with Firefox for desktop. It’s the first of several planned experiments designed to help us test and improve password management and online security.

“AMD Flaws” Technical Summary | Trail of Bits Blog — Most of the discussion after the public announcement of the vulnerabilities has been focused on the way they were disclosed rather than their technical impact. In this post, we have tried to extract the relevant technical details from the CTS whitepaper so they can be of use to the security community without the distraction of the surrounding disclosure issues.

]]>
We cut through the noise and explain in clear terms what’s really been discovered. The botched disclosure of flaws in AMD products has overshadowed the technical details of the vulnerabilities, and we aim to fix that..

Plus another DNS Rebinding attack is in the wild and stealing Ethereum, Microsoft opens up a new bug bounty program, Expedia gets hacked, and we perform a TechSNAP checkup.

Microsoft Offers New Bug Bounties for Spectre, ... — Microsoft last week announced new bug bounties for speculative execution side-channel vulnerabilities. These vulnerabilities, of which Spectre and Meltdown were the first known examples, represent a new class of problem and Microsoft would like to know what else might be lurking in the neighborhood.

Microsoft patches RDP vulnerability. — Microsoft announced this week that they’ve released a preliminary fix for a vulnerability rated important, and present in all supported versions of Windows in circulation (basically any client or server version of Windows from 2008 onward).

Firefox Lockbox Extension — The Lockbox extension is a simple, stand-alone password manager that works with Firefox for desktop. It’s the first of several planned experiments designed to help us test and improve password management and online security.

“AMD Flaws” Technical Summary | Trail of Bits Blog — Most of the discussion after the public announcement of the vulnerabilities has been focused on the way they were disclosed rather than their technical impact. In this post, we have tried to extract the relevant technical details from the CTS whitepaper so they can be of use to the security community without the distraction of the surrounding disclosure issues.

]]>
Episode 359: Netflix’s Dark Capacityhttps://techsnap.systems/359
c63e4421-989c-4e30-813c-cb967a5ab29bThu, 15 Mar 2018 20:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingNetflix has a few tricks we can learn from, and the story of clever malware that was operating undetected since 2012.
31:49noNetflix has a few tricks we can learn from, and the story of clever malware that was operating undetected since 2012.
Plus we discuss Let's Encrypt’s Wildcard support and explain what ACME v2 is.
Then we detail the bad position Samba 4 admins are in, and the real cause of these recent 1.7Tbps DDoS attacks.
Netflix has a few tricks we can learn from, and the story of clever malware that was operating undetected since 2012.

Plus we discuss Let's Encrypt’s Wildcard support and explain what ACME v2 is.

Then we detail the bad position Samba 4 admins are in, and the real cause of these recent 1.7Tbps DDoS attacks.

Hardcoded Password Found in Cisco Software — Cisco says that an attacker could exploit this vulnerability (CVE-2018-0141) by connecting to the affected system via Secure Shell (SSH) using the hardcoded password.

Potent malware that hid for six years spread through routers — "The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor."

CVE 2018-1057: Authenticated Samba users can change other users' password — On a Samba 4 AD DC the LDAP server in all versions of Samba from
4.0.0 onwards incorrectly validates permissions to modify passwords
over LDAP allowing authenticated users to change any other users'
passwords, including administrative users and privileged service
accounts (eg Domain Controllers).

CVE-2018-1057 - SambaWiki Workarounds — Revoke the change passwords right for 'the world' from all user objects (including computers) in the directory, leaving only the right to change a user's own password.

It just got much easier to wage record-breaking DDoSes — Within days of the new technique going public, security firms reported it being used in a record-setting 1.3 terabit-per-second DDoS against Github and then, two days later, a record-topping 1.7 Tbps attack against an unnamed US-based service provider.

The real cause of large DDoS — All the gigantic headline-grabbing attacks are what we call "L3" (Layer 3 OSI[1]). This kind of attack has a common trait - the malicious software sends as many packets as possible onto the network.

Hardcoded Password Found in Cisco Software — Cisco says that an attacker could exploit this vulnerability (CVE-2018-0141) by connecting to the affected system via Secure Shell (SSH) using the hardcoded password.

Potent malware that hid for six years spread through routers — "The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor."

CVE 2018-1057: Authenticated Samba users can change other users' password — On a Samba 4 AD DC the LDAP server in all versions of Samba from
4.0.0 onwards incorrectly validates permissions to modify passwords
over LDAP allowing authenticated users to change any other users'
passwords, including administrative users and privileged service
accounts (eg Domain Controllers).

CVE-2018-1057 - SambaWiki Workarounds — Revoke the change passwords right for 'the world' from all user objects (including computers) in the directory, leaving only the right to change a user's own password.

It just got much easier to wage record-breaking DDoSes — Within days of the new technique going public, security firms reported it being used in a record-setting 1.3 terabit-per-second DDoS against Github and then, two days later, a record-topping 1.7 Tbps attack against an unnamed US-based service provider.

The real cause of large DDoS — All the gigantic headline-grabbing attacks are what we call "L3" (Layer 3 OSI[1]). This kind of attack has a common trait - the malicious software sends as many packets as possible onto the network.

]]>
Episode 358: A Future Without Servershttps://techsnap.systems/358
dd10266c-5d78-43c7-bf71-1d3abb89a7a5Thu, 01 Mar 2018 08:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingThe term serverless gets thrown around a lot, but what does it really mean? What are the benefits and the drawbacks? It’s a TechSNAP introduction to Serverless Architecture. 36:28noThe term serverless gets thrown around a lot, but what does it really mean? What are the benefits and the drawbacks? It’s a TechSNAP introduction to Serverless Architecture.
Plus new research with ideas to dramatically improve private web browsing, the growing problem of tracking security vulnerabilities with CVE’s, and much more!
The term serverless gets thrown around a lot, but what does it really mean? What are the benefits and the drawbacks? It’s a TechSNAP introduction to Serverless Architecture.

Plus new research with ideas to dramatically improve private web browsing, the growing problem of tracking security vulnerabilities with CVE’s, and much more!

Finding Pwned Passwords with 1Password — Troy Hunt and his friends from Cloudflare found a brilliant way to check if my password is leaked without ever needing to send my password to their service. Their server never receives enough information to reconstruct my password.

Microsoft’s Big Email Privacy Case Heads to the Supreme Court Tomorrow — The 2013 warrant involved a drug case, and the Justice Department asked Microsoft to turn over emails that were stored in its Ireland data center. Microsoft objected, arguing that the DoJ could not use a domestic warrant to conduct an international search and that it should instead acquire the data through a treaty process with the Irish government.

Researchers Propose Improved Private Web Browsing System — The newly proposed system keeps all the data that the browse loads into memory encrypted until it is displayed on the screen, the researchers say. Users no longer type a URL into the browser, but access the Veil website and enter the URL there. With the help of a blinding server, the Veil format of the requested page is transmitted.

What is Serverless Architecture? What are its criticisms and drawbacks? — Serverless architectures refer to applications that significantly depend on third-party services (knows as Backend as a Service or “BaaS”) or on custom code that’s run in ephemeral containers (Function as a Service or “FaaS”), the best known vendor host of which currently is AWS Lambda.

Crostini - Linux App Containers on ChromeOS — In other words, the Crostini/Terminal feature could be to Chrome OS what the Windows Subsystem for Linux is for Windows 10: a way that developers, power users, and Linux enthusiasts can run native Linux software on a device that’s not running a traditional Linux distribution.

]]>
The term serverless gets thrown around a lot, but what does it really mean? What are the benefits and the drawbacks? It’s a TechSNAP introduction to Serverless Architecture.

Plus new research with ideas to dramatically improve private web browsing, the growing problem of tracking security vulnerabilities with CVE’s, and much more!

Finding Pwned Passwords with 1Password — Troy Hunt and his friends from Cloudflare found a brilliant way to check if my password is leaked without ever needing to send my password to their service. Their server never receives enough information to reconstruct my password.

Microsoft’s Big Email Privacy Case Heads to the Supreme Court Tomorrow — The 2013 warrant involved a drug case, and the Justice Department asked Microsoft to turn over emails that were stored in its Ireland data center. Microsoft objected, arguing that the DoJ could not use a domestic warrant to conduct an international search and that it should instead acquire the data through a treaty process with the Irish government.

Researchers Propose Improved Private Web Browsing System — The newly proposed system keeps all the data that the browse loads into memory encrypted until it is displayed on the screen, the researchers say. Users no longer type a URL into the browser, but access the Veil website and enter the URL there. With the help of a blinding server, the Veil format of the requested page is transmitted.

What is Serverless Architecture? What are its criticisms and drawbacks? — Serverless architectures refer to applications that significantly depend on third-party services (knows as Backend as a Service or “BaaS”) or on custom code that’s run in ephemeral containers (Function as a Service or “FaaS”), the best known vendor host of which currently is AWS Lambda.

Crostini - Linux App Containers on ChromeOS — In other words, the Crostini/Terminal feature could be to Chrome OS what the Windows Subsystem for Linux is for Windows 10: a way that developers, power users, and Linux enthusiasts can run native Linux software on a device that’s not running a traditional Linux distribution.

Flight Sim Company Embeds Malware to Steal Pirates' Passwords — Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.

Lessons from the Cryptojacking Attack at Tesla — In cases involving the WannaMine malware, a tool called Mimikatz is used to pull credentials from a computer’s memory to infect other computers on the network. The malware then uses the infected computers’ compute to mine a cryptocurrency called Monero quietly in the background.

Chef InSpec 2.0 — InSpec is a free open source tool that enables development teams to express security and compliance rules as code. Version 1.0 was about ensuring that applications were set up properly. The new version extends this capability to the cloud where companies are running the applications, allowing teams to test and write rules for compliance with cloud security policy. It supports AWS and Azure and comes with 30 common configurations out of the box including Docker, IIS, NGINX and PostgreSQL.

Spectre & Meltdown Checker for Linux — A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.

FreeBSD Finally Gets Mitigated For Spectre & Meltdown — It's taken a few more weeks longer than most of the Linux distributions to be re-worked for Spectre/Meltdown mitigation as well as DragonFlyBSD, but with FreeBSD Revision 329462 it appears their initial fixes are in place.

KPTI/KAISER Meltdown Initial Performance Regressions — In this post I'll look at the Linux kernel page table isolation (KPTI) patches that workaround Meltdown: what overheads to expect, and ways to tune them. Much of my testing was on Linux 4.14.11 and 4.14.12 a month ago, before we deployed in production. Some older kernels have the KAISER patches for Meltdown, and so far the performance overheads look similar. These results aren't final, since more changes are still being developed, such as for Spectre.

Flight Sim Company Embeds Malware to Steal Pirates' Passwords — Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.

Lessons from the Cryptojacking Attack at Tesla — In cases involving the WannaMine malware, a tool called Mimikatz is used to pull credentials from a computer’s memory to infect other computers on the network. The malware then uses the infected computers’ compute to mine a cryptocurrency called Monero quietly in the background.

Chef InSpec 2.0 — InSpec is a free open source tool that enables development teams to express security and compliance rules as code. Version 1.0 was about ensuring that applications were set up properly. The new version extends this capability to the cloud where companies are running the applications, allowing teams to test and write rules for compliance with cloud security policy. It supports AWS and Azure and comes with 30 common configurations out of the box including Docker, IIS, NGINX and PostgreSQL.

Spectre & Meltdown Checker for Linux — A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.

FreeBSD Finally Gets Mitigated For Spectre & Meltdown — It's taken a few more weeks longer than most of the Linux distributions to be re-worked for Spectre/Meltdown mitigation as well as DragonFlyBSD, but with FreeBSD Revision 329462 it appears their initial fixes are in place.

KPTI/KAISER Meltdown Initial Performance Regressions — In this post I'll look at the Linux kernel page table isolation (KPTI) patches that workaround Meltdown: what overheads to expect, and ways to tune them. Much of my testing was on Linux 4.14.11 and 4.14.12 a month ago, before we deployed in production. Some older kernels have the KAISER patches for Meltdown, and so far the performance overheads look similar. These results aren't final, since more changes are still being developed, such as for Spectre.

]]>
Episode 356: The Concern with Containershttps://techsnap.systems/356
0d9f7516-90f2-4dd5-82e4-3bb92e6de943Thu, 15 Feb 2018 13:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingThe problems containers can’t solve, nasty security flaws in Skype and Telegram, and Cisco discovers they have a bigger issue on their hands then first realized. 37:23noThe problems containers can’t solve, nasty security flaws in Skype and Telegram, and Cisco discovers they have a bigger issue on their hands then first realized.
And the latest jaw-dropping techniques to extract data from air-gapped systems.
The problems containers can’t solve, nasty security flaws in Skype and Telegram, and Cisco discovers they have a bigger issue on their hands then first realized.

And the latest jaw-dropping techniques to extract data from air-gapped systems.

Zero-day vulnerability in Telegram — The special nonprinting right-to-left override (RLO) character is used to reverse the order of the characters that come after that character in the string. In the Unicode character table, it is represented as ‘U+202E’; one area of legitimate use is when typing Arabic text. In an attack, this character can be used to mislead the victim. It is usually used when displaying the name and extension of an executable file: a piece of software vulnerable to this sort of attack will display the filename incompletely or in reverse.

Containers Will Not Fix Your Broken Culture — Spoiler alert: the solutions to many difficulties that seem technical can be found by examining our interactions with others. Let's talk about five things you'll want to know when working with those pesky creatures known as humans.

Zero-day vulnerability in Telegram — The special nonprinting right-to-left override (RLO) character is used to reverse the order of the characters that come after that character in the string. In the Unicode character table, it is represented as ‘U+202E’; one area of legitimate use is when typing Arabic text. In an attack, this character can be used to mislead the victim. It is usually used when displaying the name and extension of an executable file: a piece of software vulnerable to this sort of attack will display the filename incompletely or in reverse.

Containers Will Not Fix Your Broken Culture — Spoiler alert: the solutions to many difficulties that seem technical can be found by examining our interactions with others. Let's talk about five things you'll want to know when working with those pesky creatures known as humans.

UNIXSurplus — UNIXSurplus is a multi-level provider of new and refurbished custom built servers, storage solutions and computer equipment.

FreeNAS Storage Operating System — FreeNAS is an operating system that can be installed on virtually any hardware platform to share data over a network. FreeNAS is the simplest way to create a centralized and easily accessible place for your data. Use FreeNAS with ZFS to protect, store, backup, all of your data. FreeNAS is used everywhere, for the home, small business, and the enterprise.

]]>
We save our FreeNAS Mini from the edge, and perform an emergency migration to much larger hardware.

Plus 12 tips for secure authentication, the future of network security where there is no LAN, a botnet exploiting Android ADB, and your questions.

UNIXSurplus — UNIXSurplus is a multi-level provider of new and refurbished custom built servers, storage solutions and computer equipment.

FreeNAS Storage Operating System — FreeNAS is an operating system that can be installed on virtually any hardware platform to share data over a network. FreeNAS is the simplest way to create a centralized and easily accessible place for your data. Use FreeNAS with ZFS to protect, store, backup, all of your data. FreeNAS is used everywhere, for the home, small business, and the enterprise.

]]>
Episode 354: Here Come the Script Kiddieshttps://techsnap.systems/354
e2e1b46b-2f05-465f-821b-95680dc0cda0Thu, 01 Feb 2018 18:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingAutoSploit has the security industry in a panic, so we give it a go. To our surprise we discover systems at the DOD, Amazon, and other places vulnerable to this automated attack. We’ll tell you all about it, and what these 400 lines of Python known as AutoSploit really do.51:59noAutoSploit has the security industry in a panic, so we give it a go. To our surprise we discover systems at the DOD, Amazon, and other places vulnerable to this automated attack. We’ll tell you all about it, and what these 400 lines of Python known as AutoSploit really do.
Plus injecting arbitrary waveforms into Alexa and Google Assistant commands, making WordPress bulletproof, and how to detect and prevent excessive port scan attacks.
AutoSploit has the security industry in a panic, so we give it a go. To our surprise we discover systems at the DOD, Amazon, and other places vulnerable to this automated attack. We’ll tell you all about it, and what these 400 lines of Python known as AutoSploit really do.

Plus injecting arbitrary waveforms into Alexa and Google Assistant commands, making WordPress bulletproof, and how to detect and prevent excessive port scan attacks.

Audio Adversarial Examples — We have constructed targeted audio adversarial examples on speech-to-text transcription neural networks: given an arbitrary waveform, we can make a small perturbation that when added to the original waveform causes it to transcribe as any phrase we choose.

Qubes Air: Generalizing the Qubes Architecture | Qubes OS — Qubes Air is the next step on our roadmap to making the concept of “Security through Compartmentalization” applicable to more scenarios. It is also an attempt to address some of the biggest problems and weaknesses plaguing the current implementation of Qubes, specifically the difficulty of deployment and virtualization as a single point of failure. While Qubes-as-a-Service is one natural application that could be built on top of Qubes Air, it is certainly not the only one. We have also discussed running Qubes over clusters of physically isolated devices, as well as various hybrid scenarios. I believe the approach to security that Qubes has been implementing for years will continue to be valid for years to come, even in a world of apps-as-a-service.

How To Use psad to Detect Network Intrusion Attempts — The key to using psad effectively is to configure danger levels and email alerts appropriately, and then follow up on any problems. This tool, coupled with other intrusion detection resources like tripwire can provide fairly good coverage to be able to detect intrusion attempts.

]]>
AutoSploit has the security industry in a panic, so we give it a go. To our surprise we discover systems at the DOD, Amazon, and other places vulnerable to this automated attack. We’ll tell you all about it, and what these 400 lines of Python known as AutoSploit really do.

Plus injecting arbitrary waveforms into Alexa and Google Assistant commands, making WordPress bulletproof, and how to detect and prevent excessive port scan attacks.

Audio Adversarial Examples — We have constructed targeted audio adversarial examples on speech-to-text transcription neural networks: given an arbitrary waveform, we can make a small perturbation that when added to the original waveform causes it to transcribe as any phrase we choose.

Qubes Air: Generalizing the Qubes Architecture | Qubes OS — Qubes Air is the next step on our roadmap to making the concept of “Security through Compartmentalization” applicable to more scenarios. It is also an attempt to address some of the biggest problems and weaknesses plaguing the current implementation of Qubes, specifically the difficulty of deployment and virtualization as a single point of failure. While Qubes-as-a-Service is one natural application that could be built on top of Qubes Air, it is certainly not the only one. We have also discussed running Qubes over clusters of physically isolated devices, as well as various hybrid scenarios. I believe the approach to security that Qubes has been implementing for years will continue to be valid for years to come, even in a world of apps-as-a-service.

How To Use psad to Detect Network Intrusion Attempts — The key to using psad effectively is to configure danger levels and email alerts appropriately, and then follow up on any problems. This tool, coupled with other intrusion detection resources like tripwire can provide fairly good coverage to be able to detect intrusion attempts.

]]>
Episode 353: Too Many Containershttps://techsnap.systems/353
76cf88a2-f5d9-4dba-b314-f9f00e3767dfThu, 25 Jan 2018 16:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingWe introduce you to Kubernetes, what problems it solves, why everyone is talking about it, and where it came from. Also who shouldn’t be using Kubernetes, and the problems you can run into when scaling it.43:08noWe introduce you to Kubernetes, what problems it solves, why everyone is talking about it, and where it came from. Also who shouldn’t be using Kubernetes, and the problems you can run into when scaling it.
Plus how you can store files in others DNS resolver cache, Project Zero finds a new BitTorrent client flaw, and more.
We introduce you to Kubernetes, what problems it solves, why everyone is talking about it, and where it came from. Also who shouldn’t be using Kubernetes, and the problems you can run into when scaling it.

Plus how you can store files in others DNS resolver cache, Project Zero finds a new BitTorrent client flaw, and more.

DNSFS. Store your files in others DNS resolver caches — The DNSFS code is a relatively simple system, every file uploaded is split into 180 byte chunks, and those chunks are “set” inside caches by querying the DNSFS node via the public resolver for a TXT record. After a few seconds the data is removed from DNSFS memory and the data is no longer on the client computer.

Alphabet is launching a new CyberSecurity unit. — Alphabet, the parent company of Google, announced today that they will be launching Chronicle, a new business unit that will focus on Cyber Security, using their servers and infrastructure. The new organization hopes to focus on machine learning and artificial intelligence to assist in the fight against cybercrime moving forward.

An Introduction to Kubernetes — Kubernetes, at its basic level, is a system for managing containerized applications across a cluster of nodes. In many ways, Kubernetes was designed to address the disconnect between the way that modern, clustered infrastructure is designed, and some of the assumptions that most applications and services have about their environments.

What is Kubernetes? — Kubernetes was originally developed and designed by engineers at Google. Google was one of the early contributors to Linux container technology and has talked publicly about how everything at Google runs in containers. (This is the technology behind Google’s cloud services.) Google generates more than 2 billion container deployments a week—all powered by an internal platform: Borg. Borg was the predecessor to Kubernetes and the lessons learned from developing Borg over the years became the primary influence behind much of the Kubernetes technology.

Scaling Kubernetes to 2,500 Nodes — We’ve been running Kubernetes for deep learning research for over two years. While our largest-scale workloads manage bare cloud VMs directly, Kubernetes provides a fast iteration cycle, reasonable scalability, and a lack of boilerplate which makes it ideal for most of our experiments.

Feedback: Talk more about Windows — I listened to your intro to change management and it seemed like it will be very Linux centric ("everything is she"). I'm future segments, please try to include windows desktop and server OS as well.

]]>
We introduce you to Kubernetes, what problems it solves, why everyone is talking about it, and where it came from. Also who shouldn’t be using Kubernetes, and the problems you can run into when scaling it.

Plus how you can store files in others DNS resolver cache, Project Zero finds a new BitTorrent client flaw, and more.

DNSFS. Store your files in others DNS resolver caches — The DNSFS code is a relatively simple system, every file uploaded is split into 180 byte chunks, and those chunks are “set” inside caches by querying the DNSFS node via the public resolver for a TXT record. After a few seconds the data is removed from DNSFS memory and the data is no longer on the client computer.

Alphabet is launching a new CyberSecurity unit. — Alphabet, the parent company of Google, announced today that they will be launching Chronicle, a new business unit that will focus on Cyber Security, using their servers and infrastructure. The new organization hopes to focus on machine learning and artificial intelligence to assist in the fight against cybercrime moving forward.

An Introduction to Kubernetes — Kubernetes, at its basic level, is a system for managing containerized applications across a cluster of nodes. In many ways, Kubernetes was designed to address the disconnect between the way that modern, clustered infrastructure is designed, and some of the assumptions that most applications and services have about their environments.

What is Kubernetes? — Kubernetes was originally developed and designed by engineers at Google. Google was one of the early contributors to Linux container technology and has talked publicly about how everything at Google runs in containers. (This is the technology behind Google’s cloud services.) Google generates more than 2 billion container deployments a week—all powered by an internal platform: Borg. Borg was the predecessor to Kubernetes and the lessons learned from developing Borg over the years became the primary influence behind much of the Kubernetes technology.

Scaling Kubernetes to 2,500 Nodes — We’ve been running Kubernetes for deep learning research for over two years. While our largest-scale workloads manage bare cloud VMs directly, Kubernetes provides a fast iteration cycle, reasonable scalability, and a lack of boilerplate which makes it ideal for most of our experiments.

Feedback: Talk more about Windows — I listened to your intro to change management and it seemed like it will be very Linux centric ("everything is she"). I'm future segments, please try to include windows desktop and server OS as well.

VMware pulled Spectre patches on Friday. — Affected updates are the ones for ESXi under VMSA-2018-0004 that contained CPU microcode. Despite these being the affected patches, all of the patches under VMSA-2018-004 have been pulled.

Spectre Mitigation Added To GCC 8, Seeking Backport To GCC 7 — The set of Spectre mitigation patches for the GNU Compiler Collection (GCC) were accepted to mainline and will be part of GCC 8 with the GCC 8.1 stable release that will likely be due out around March. This is on top of many other changes/features of GCC 8.

An Introduction to Configuration Management | DigitalOcean — As a broader subject, configuration management (CM) refers to the process of systematically handling changes to a system in a way that it maintains integrity over time. Even though this process was not originated in the IT industry, the term is broadly used to refer to server configuration management

VMware pulled Spectre patches on Friday. — Affected updates are the ones for ESXi under VMSA-2018-0004 that contained CPU microcode. Despite these being the affected patches, all of the patches under VMSA-2018-004 have been pulled.

Spectre Mitigation Added To GCC 8, Seeking Backport To GCC 7 — The set of Spectre mitigation patches for the GNU Compiler Collection (GCC) were accepted to mainline and will be part of GCC 8 with the GCC 8.1 stable release that will likely be due out around March. This is on top of many other changes/features of GCC 8.

An Introduction to Configuration Management | DigitalOcean — As a broader subject, configuration management (CM) refers to the process of systematically handling changes to a system in a way that it maintains integrity over time. Even though this process was not originated in the IT industry, the term is broadly used to refer to server configuration management

]]>
Episode 351: Performance Meltdownhttps://techsnap.systems/351
92c20700-9d53-4470-a263-d3e009a19100Thu, 11 Jan 2018 16:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingThe types of workloads that will see the largest performance impacts from Meltdown, tools to test yourself, and the outlook for 2018.
Plus a concise breakdown of Meltdown, Spectre, and side-channel attacks like only TechSNAP can. 41:43noThe types of workloads that will see the largest performance impacts from Meltdown, tools to test yourself, and the outlook for 2018.
Plus a concise breakdown of Meltdown, Spectre, and side-channel attacks like only TechSNAP can.
Then we run through the timeline of events, and the scuttlebutt of so called coordinated disclosure. We also discuss yet another security issue in macOS High Sierra, a backdoor in popular storage appliances, your questions, and more!
The types of workloads that will see the largest performance impacts from Meltdown, tools to test yourself, and the outlook for 2018.

Plus a concise breakdown of Meltdown, Spectre, and side-channel attacks like only TechSNAP can.

Then we run through the timeline of events, and the scuttlebutt of so called coordinated disclosure. We also discuss yet another security issue in macOS High Sierra, a backdoor in popular storage appliances, your questions, and more!

How Tier 2 cloud vendors banded together to cope with Spectre and Meltdown | TechCrunch — Eventually six cloud providers — Scaleway, DigitalOcean, Packet, Vultr, Linode and OVH — formed a consortium of sorts to help one another and share information. In order to make the process more efficient, they started a Slack channel with CEOs, CTOs and engineers from the various companies sharing information and fixes as they became available.

Google is pushing Retpoline — With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications. Furthermore, testing this feature, particularly when combined with optimizations such as software branch prediction hints, demonstrated that this protection came with almost no performance loss.

Microsoft PowerShell Script to check for Meltdown — To help customers verify that protections are enabled, Microsoft has published a PowerShell script that customers can run on their systems. Install and run the script by running the following commands.

Question: MySQL Replication Woes — The problem is that during some larger deletes on the master, the tables on the slave get locked and the slave lag goes through the roof.. During this time all of my selects that have been sent to the slave are just sitting there and waiting for the table to unlock while the master is just fine.

]]>
The types of workloads that will see the largest performance impacts from Meltdown, tools to test yourself, and the outlook for 2018.

Plus a concise breakdown of Meltdown, Spectre, and side-channel attacks like only TechSNAP can.

Then we run through the timeline of events, and the scuttlebutt of so called coordinated disclosure. We also discuss yet another security issue in macOS High Sierra, a backdoor in popular storage appliances, your questions, and more!

How Tier 2 cloud vendors banded together to cope with Spectre and Meltdown | TechCrunch — Eventually six cloud providers — Scaleway, DigitalOcean, Packet, Vultr, Linode and OVH — formed a consortium of sorts to help one another and share information. In order to make the process more efficient, they started a Slack channel with CEOs, CTOs and engineers from the various companies sharing information and fixes as they became available.

Google is pushing Retpoline — With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications. Furthermore, testing this feature, particularly when combined with optimizations such as software branch prediction hints, demonstrated that this protection came with almost no performance loss.

Microsoft PowerShell Script to check for Meltdown — To help customers verify that protections are enabled, Microsoft has published a PowerShell script that customers can run on their systems. Install and run the script by running the following commands.

Question: MySQL Replication Woes — The problem is that during some larger deletes on the master, the tables on the slave get locked and the slave lag goes through the roof.. During this time all of my selects that have been sent to the slave are just sitting there and waiting for the table to unlock while the master is just fine.

]]>
Episode 350: Trials of TLShttps://techsnap.systems/350
18f0b5cf-66ed-47af-89ca-011c4a0dae68Fri, 29 Dec 2017 08:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingA deep dive into some SMB fundamentals and practical tips to stay on top of suspicious network traffic.
50:43noThe trials and tribulations of the long journey to TLS 1.3, and the “middleware” that’s keeping us from having nice things. Plus a pack of Leaky S3 bucket stories and the data that was exposed.
Then we do a deep dive into some SMB fundamentals and practical tips to stay on top of suspicious network traffic.
The trials and tribulations of the long journey to TLS 1.3, and the “middleware” that’s keeping us from having nice things. Plus a pack of Leaky S3 bucket stories and the data that was exposed.

Then we do a deep dive into some SMB fundamentals and practical tips to stay on top of suspicious network traffic.

TLS 1.3 middleboxes test — This page performs some tests to check for middlebox interference with TLS 1.3. For that it requires Adobe Flash and TCP port 843 to be open. If this is not the case, all tests will fail with N/A.

Data on 123 million US households exposed — Leaky bucket might be a better description because when opened the database revealed the personal financial data of 123m American households – in effect everyone with an address in the US around the time of the file’s creation in 2013.

Security Monkey — Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when.

DHCPDECLINE Follow Up — I think I have a hypothesis. When dhclient is offered an IP, it attempts to look it up in dhcpd.leases (under /var), and if /var has errors, the lookup fails and says "not found" (which is what the DHCPDECLINE line says in the log).

Please keep some BSD — Please don't get too Linux single-minded. Some FreeBSD plugs here and there are welcome.

TLS 1.3 middleboxes test — This page performs some tests to check for middlebox interference with TLS 1.3. For that it requires Adobe Flash and TCP port 843 to be open. If this is not the case, all tests will fail with N/A.

Data on 123 million US households exposed — Leaky bucket might be a better description because when opened the database revealed the personal financial data of 123m American households – in effect everyone with an address in the US around the time of the file’s creation in 2013.

Security Monkey — Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when.

DHCPDECLINE Follow Up — I think I have a hypothesis. When dhclient is offered an IP, it attempts to look it up in dhcpd.leases (under /var), and if /var has errors, the lookup fails and says "not found" (which is what the DHCPDECLINE line says in the log).

Please keep some BSD — Please don't get too Linux single-minded. Some FreeBSD plugs here and there are welcome.

]]>
Episode 349: All Natural Namespaceshttps://techsnap.systems/349
1f0cbb01-a231-4cf6-9f5d-f3ded5714065Thu, 21 Dec 2017 19:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingNetwork Namespaces have been around for a while, but there may be be some very practical ways to use them that you’ve never considered. Wes does a deep dive into a very flexible tool.
50:00noNetwork Namespaces have been around for a while, but there may be be some very practical ways to use them that you’ve never considered. Wes does a deep dive into a very flexible tool.
Plus what might be the world’s most important killswitch, the real dollar values for stolen credentials and the 19 year old attack that’s back.
Network Namespaces have been around for a while, but there may be be some very practical ways to use them that you’ve never considered. Wes does a deep dive into a very flexible tool.

Plus what might be the world’s most important killswitch, the real dollar values for stolen credentials and the 19 year old attack that’s back.

The Market for Stolen Account Credentials — But oh, how times have changed! With dozens of sites in the underground now competing to purchase and resell credentials for a variety of online locations, it has never been easier for a botmaster to earn a handsome living based solely on the sale of stolen usernames and passwords alone.

Hackers shut down plant by targeting its safety system — FireEye reported that a plant of an unmentioned nature and location (other firms believe it's in the Middle East) was forced to shut down after a hack targeted its industrial safety system -- it's the first known instance of a breach like this taking place.

FireEye Report on TRITON — We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shutdown operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers.

WannaCry: End of Year Retrospective — Since our Vantage team sinkholed and subsequently nullified the WannaCry attack on May 12th, 2017, we have been monitoring and maintaining the domain known as the WannaCry killswitch.

Network namespaces — As the name would imply, network namespaces partition the use of the network—devices, addresses, ports, routes, firewall rules, etc.—into separate boxes, essentially virtualizing the network within a single running kernel instance.

namespaces - Linux manual page — A namespace wraps a global system resource in an abstraction that
makes it appear to the processes within the namespace that they have
their own isolated instance of the global resource. Changes to the
global resource are visible to other processes that are members of
the namespace, but are invisible to other processes. One use of
namespaces is to implement containers.

Network Namespaces » ADMIN Magazine — With network namespaces, you can virtualize network devices, IPv4 and IPv6 protocol stacks, routing tables, ARP tables, and firewalls separately, as well as /proc/net, /sys/class/net/, QoS policies, port numbers, and sockets in such a way that individual applications can find a particular network setup without the use of containers.

Implementation of IEEE 802.1ab (LLDP) — LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices.

WireGuard Routing & Network Namespaces — This allows for some very cool properties. Namely, you can create the WireGuard interface in one namespace (A), move it to another (B), and have cleartext packets sent from namespace B get sent encrypted through a UDP socket in namespace A.

VRF for Linux — The concept of VRF was first introduced around 1999 for L3 VPNs, but it has become a fundamental feature for a networking OS. VRF provides traffic isolation at layer 3 for routing, similar to how you use a VLAN to isolate traffic at layer 2. Think multiple routing tables.

The Market for Stolen Account Credentials — But oh, how times have changed! With dozens of sites in the underground now competing to purchase and resell credentials for a variety of online locations, it has never been easier for a botmaster to earn a handsome living based solely on the sale of stolen usernames and passwords alone.

Hackers shut down plant by targeting its safety system — FireEye reported that a plant of an unmentioned nature and location (other firms believe it's in the Middle East) was forced to shut down after a hack targeted its industrial safety system -- it's the first known instance of a breach like this taking place.

FireEye Report on TRITON — We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shutdown operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers.

WannaCry: End of Year Retrospective — Since our Vantage team sinkholed and subsequently nullified the WannaCry attack on May 12th, 2017, we have been monitoring and maintaining the domain known as the WannaCry killswitch.

Network namespaces — As the name would imply, network namespaces partition the use of the network—devices, addresses, ports, routes, firewall rules, etc.—into separate boxes, essentially virtualizing the network within a single running kernel instance.

namespaces - Linux manual page — A namespace wraps a global system resource in an abstraction that
makes it appear to the processes within the namespace that they have
their own isolated instance of the global resource. Changes to the
global resource are visible to other processes that are members of
the namespace, but are invisible to other processes. One use of
namespaces is to implement containers.

Network Namespaces » ADMIN Magazine — With network namespaces, you can virtualize network devices, IPv4 and IPv6 protocol stacks, routing tables, ARP tables, and firewalls separately, as well as /proc/net, /sys/class/net/, QoS policies, port numbers, and sockets in such a way that individual applications can find a particular network setup without the use of containers.

Implementation of IEEE 802.1ab (LLDP) — LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as EDP or CDP. The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver Link-Layer notifications to adjacent network devices.

WireGuard Routing & Network Namespaces — This allows for some very cool properties. Namely, you can create the WireGuard interface in one namespace (A), move it to another (B), and have cleartext packets sent from namespace B get sent encrypted through a UDP socket in namespace A.

VRF for Linux — The concept of VRF was first introduced around 1999 for L3 VPNs, but it has become a fundamental feature for a networking OS. VRF provides traffic isolation at layer 3 for routing, similar to how you use a VLAN to isolate traffic at layer 2. Think multiple routing tables.

]]>
Episode 348: Server Neglecthttps://techsnap.systems/348
74701ab6-ae93-42d3-b9ed-e8ec152108fdThu, 14 Dec 2017 13:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingAuthors of one of the most infamous botnets of all time get busted, researchers discover keyloggers built into HP Laptops, the major HomeKit flaw no one is talking about, and the new version of FreeNAS packs a lot of features for a point release.49:13noAuthors of one of the most infamous botnets of all time get busted, researchers discover keyloggers built into HP Laptops, the major HomeKit flaw no one is talking about, and the new version of FreeNAS packs a lot of features for a point release.
Plus an update on the show and what to expect, and we attempt something TechSNAP could never do as a video production, a live double FreeNAS upgrade!
Authors of one of the most infamous botnets of all time get busted, researchers discover keyloggers built into HP Laptops, the major HomeKit flaw no one is talking about, and the new version of FreeNAS packs a lot of features for a point release.

Plus an update on the show and what to expect, and we attempt something TechSNAP could never do as a video production, a live double FreeNAS upgrade!

Mirai IoT Botnet Co-Authors Plead Guilty — Krebs on Security — The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

HP keylogger - ZwClose Blog Post — TL;DR: HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required)

Apple Releases iOS 11.2.1 Update With HomeKit Fix — According to Apple's release notes, the update re-enables remote access for shared users of the Home app. Apple broke remote access for shared users when implementing a fix for a major HomeKit vulnerability last week.

FreeNAS 11.1 Released — The FreeNAS Development Team is excited and proud to present FreeNAS 11.1! FreeNAS 11.1 adds cloud integration, OpenZFS performance improvements, including the ability to prioritize resilvering operations, and preliminary Docker support to the world’s most popular software-defined storage operating system. This release includes an updated preview of the beta version of the new administrator graphical user interface, including the ability to select display themes. This post provides a brief overview of the new features.

Process Doppelgänging Attack — Dubbed ‘Process Doppelgänging‘ by Tal Liberman and Eugene Kogan of EnSilo, the attack was demonstrated during Black Hat Europe 2017 security conference in London earlier today. Doppelgänging, a fileless code injection technique, works in such a manner that an attacker can manipulate the way Windows handles its file transaction process and pass malicious files even if the code is known to be malicious.

Process Doppelgänging - Black Hat Europe 2017 — By using NTFS transactions, we make changes to an executable file that will never actually be committed to disk. We will then use undocumented implementation details of the process loading mechanism to load our modified executable, but not before rolling back the changes we made to the executable. The result of this procedure is creating a process from the modified executable, while deployed security mechanisms in the dark.

]]>
Authors of one of the most infamous botnets of all time get busted, researchers discover keyloggers built into HP Laptops, the major HomeKit flaw no one is talking about, and the new version of FreeNAS packs a lot of features for a point release.

Plus an update on the show and what to expect, and we attempt something TechSNAP could never do as a video production, a live double FreeNAS upgrade!

Mirai IoT Botnet Co-Authors Plead Guilty — Krebs on Security — The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

HP keylogger - ZwClose Blog Post — TL;DR: HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required)

Apple Releases iOS 11.2.1 Update With HomeKit Fix — According to Apple's release notes, the update re-enables remote access for shared users of the Home app. Apple broke remote access for shared users when implementing a fix for a major HomeKit vulnerability last week.

FreeNAS 11.1 Released — The FreeNAS Development Team is excited and proud to present FreeNAS 11.1! FreeNAS 11.1 adds cloud integration, OpenZFS performance improvements, including the ability to prioritize resilvering operations, and preliminary Docker support to the world’s most popular software-defined storage operating system. This release includes an updated preview of the beta version of the new administrator graphical user interface, including the ability to select display themes. This post provides a brief overview of the new features.

Process Doppelgänging Attack — Dubbed ‘Process Doppelgänging‘ by Tal Liberman and Eugene Kogan of EnSilo, the attack was demonstrated during Black Hat Europe 2017 security conference in London earlier today. Doppelgänging, a fileless code injection technique, works in such a manner that an attacker can manipulate the way Windows handles its file transaction process and pass malicious files even if the code is known to be malicious.

Process Doppelgänging - Black Hat Europe 2017 — By using NTFS transactions, we make changes to an executable file that will never actually be committed to disk. We will then use undocumented implementation details of the process loading mechanism to load our modified executable, but not before rolling back the changes we made to the executable. The result of this procedure is creating a process from the modified executable, while deployed security mechanisms in the dark.

]]>
Episode 347: A Farewell to Dan | TechSNAP 347https://techsnap.systems/347
395B92E8-6FD8-4587-B725-31399554C561Thu, 30 Nov 2017 02:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingWe say farewell to Dan, but don't despair, we've still got a ton of great topics to cover as we say goodbye. We compare the handling of recent data breaches at imgur & DJI, share some in-depth guides on beefing up your security posture & much more!1:39:59noWe say farewell to Dan, but don't despair, we've still got a ton of great topics to cover as we say goodbye. We compare the handling of recent data breaches at imgur &amp; DJI, share some in-depth guides on beefing up your security posture &amp; see Dan off with some of your finest feedback and the world's tastiest roundup.<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/xhVWinInJp8" height="1" width="1" alt="">
We say farewell to Dan, but don't despair, we've still got a ton of great topics to cover as we say goodbye. We compare the handling of recent data breaches at imgur & DJI, share some in-depth guides on beefing up your security posture & see Dan off with some of your finest feedback and the world's tastiest roundup.]]>
We say farewell to Dan, but don't despair, we've still got a ton of great topics to cover as we say goodbye. We compare the handling of recent data breaches at imgur & DJI, share some in-depth guides on beefing up your security posture & see Dan off with some of your finest feedback and the world's tastiest roundup.]]>
Episode 346: Neutral Nets | TechSNAP 346https://techsnap.systems/346
DD777D2B-E077-465D-8FA3-01EF6CEF7B37Mon, 20 Nov 2017 17:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingWe get depressed over new stats confirming our worst fears about the huge number of outdated & unpatched android systems. Github wants to help you stay secure with their new Security Alerts feature. We discuss what it needs to be relevant & more!1:17:15no<p>We get depressed over some new stats confirming our worst fears about the huge number of outdated and unpatched android systems. But, in some good news, Github wants to help you, and your open source projects, stay secure with their new Security Alerts feature. We discuss the details and what it needs to be relevant.</p>
<p>Plus some handy tips for getting out of a sticky situation in git, a net neutrality PSA, and some big news from Dan.</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/iwt5GqdLqO0" height="1" width="1" alt="">
We get depressed over some new stats confirming our worst fears about the huge number of outdated and unpatched android systems. But, in some good news, Github wants to help you, and your open source projects, stay secure with their new Security Alerts feature. We discuss the details and what it needs to be relevant.

Plus some handy tips for getting out of a sticky situation in git, a net neutrality PSA, and some big news from Dan.

]]>
We get depressed over some new stats confirming our worst fears about the huge number of outdated and unpatched android systems. But, in some good news, Github wants to help you, and your open source projects, stay secure with their new Security Alerts feature. We discuss the details and what it needs to be relevant.

Plus some handy tips for getting out of a sticky situation in git, a net neutrality PSA, and some big news from Dan.

]]>
Episode 345: Namespaces GOTO Jail | TechSNAP 345https://techsnap.systems/345
AC309FE0-44EE-46C2-80DF-98299422D5D7Sat, 18 Nov 2017 01:15:00 -0800Jupiter BroadcastingfullJupiter BroadcastingJails, zones & linux containers. Dan shares his years of experience using FreeBSD jails. Wes breaks down cgroups, namespaces & explains how they come together to create a container. Plus we discuss similarities, differences, workflows & more!1:52:35no<p>We can't contain our excitement as we dive deep into the world of jails, zones &amp; so-called linux containers. Dan shares his years of experience using the time-tested original bad boy of containers, FreeBSD jails. Wes breaks down cgroups, namespaces &amp; explains how they come together to create a container. Plus we discuss similarities, differences, workflows &amp; more!</p>
<p>And of course your fantastic feedback, a record setting round-up &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/t8LbMlXFh84" height="1" width="1" alt="">
We can't contain our excitement as we dive deep into the world of jails, zones & so-called linux containers. Dan shares his years of experience using the time-tested original bad boy of containers, FreeBSD jails. Wes breaks down cgroups, namespaces & explains how they come together to create a container. Plus we discuss similarities, differences, workflows & more!

And of course your fantastic feedback, a record setting round-up & so much more!

]]>
We can't contain our excitement as we dive deep into the world of jails, zones & so-called linux containers. Dan shares his years of experience using the time-tested original bad boy of containers, FreeBSD jails. Wes breaks down cgroups, namespaces & explains how they come together to create a container. Plus we discuss similarities, differences, workflows & more!

And of course your fantastic feedback, a record setting round-up & so much more!

]]>
Episode 344: SSL Strippers | TechSNAP 344https://techsnap.systems/344
F50A9D00-00DE-4897-807F-3DAE1B2FD36EWed, 08 Nov 2017 00:00:00 -0800Jupiter BroadcastingfullJupiter BroadcastingWe’ve got the disturbing tale of some negligent websites & their fraudulent fonts. Then, some top tips to evaluate the security of your banking institutions & best practices for verbal passwords. Plus, a discussion of opsec, obfuscation, security & you!1:18:48noYou may think that’s a secure password field, but don’t be fooled! We’ve got the disturbing tale of some negligent websites &amp; their fraudulent fonts. Then, some top tips to evaluate the security of your banking institutions &amp; best practices for verbal passwords. Plus, a controversial discussion of opsec, obfuscation, security &amp; you!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/wPWKOQkLLu0" height="1" width="1" alt="">
You may think that’s a secure password field, but don’t be fooled! We’ve got the disturbing tale of some negligent websites & their fraudulent fonts. Then, some top tips to evaluate the security of your banking institutions & best practices for verbal passwords. Plus, a controversial discussion of opsec, obfuscation, security & you!]]>
You may think that’s a secure password field, but don’t be fooled! We’ve got the disturbing tale of some negligent websites & their fraudulent fonts. Then, some top tips to evaluate the security of your banking institutions & best practices for verbal passwords. Plus, a controversial discussion of opsec, obfuscation, security & you!]]>
Episode 343: Low Security Pillow Storage | TechSNAP 343https://techsnap.systems/343
D2A2DEF9-1574-4C92-B53F-329E3E591383Tue, 31 Oct 2017 23:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe've got some top tips to turn you from ssh-novice to port-forwarding master. Plus the latest on the confusing story of Kaspersky, the NSA & a bone-headed contractor. Then, our backup sense is tingling, with the story of $30,000 lost to a forgotten pin.1:27:34no<p>We've got some top tips to turn you from ssh-novice to port-forwarding master. Plus the latest on the confusing story of Kaspersky, the NSA &amp; a bone-headed contractor. Then, our backup sense is tingling, with the story of $30,000 lost to a forgotten pin.</p>
<p>And of course your fantastic feedback, a record setting round-up &amp; so much more on this week's episode of TechSNAP!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/PA9oAfqA94g" height="1" width="1" alt="">
We've got some top tips to turn you from ssh-novice to port-forwarding master. Plus the latest on the confusing story of Kaspersky, the NSA & a bone-headed contractor. Then, our backup sense is tingling, with the story of $30,000 lost to a forgotten pin.

And of course your fantastic feedback, a record setting round-up & so much more on this week's episode of TechSNAP!

]]>
We've got some top tips to turn you from ssh-novice to port-forwarding master. Plus the latest on the confusing story of Kaspersky, the NSA & a bone-headed contractor. Then, our backup sense is tingling, with the story of $30,000 lost to a forgotten pin.

And of course your fantastic feedback, a record setting round-up & so much more on this week's episode of TechSNAP!

]]>
Episode 342: Cloudy with a chance of ABI | TechSNAP 342https://techsnap.systems/342
312D59E4-300D-45FF-B9FD-34D086C77D49Tue, 24 Oct 2017 22:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe air Microsoft's dirty laundry as news leaks about their less than stellar handling of a security database breach, plus a fascinating story of deceit, white lies, and tacos, so-called-smart cards might not be so smart & more!1:41:54noWe air Microsoft's dirty laundry as news leaks about their less than stellar handling of a security database breach, plus a fascinating story of deceit, white lies, and tacos; all par for the course in the world of social engineering, and we find out that so-called-smart cards might not be so smart, after it is revealed that millions are vulnerable to a crippling cryptographic attack &amp; more!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/43b_YtE9zRo" height="1" width="1" alt="">
We air Microsoft's dirty laundry as news leaks about their less than stellar handling of a security database breach, plus a fascinating story of deceit, white lies, and tacos; all par for the course in the world of social engineering, and we find out that so-called-smart cards might not be so smart, after it is revealed that millions are vulnerable to a crippling cryptographic attack & more!]]>
We air Microsoft's dirty laundry as news leaks about their less than stellar handling of a security database breach, plus a fascinating story of deceit, white lies, and tacos; all par for the course in the world of social engineering, and we find out that so-called-smart cards might not be so smart, after it is revealed that millions are vulnerable to a crippling cryptographic attack & more!]]>
Episode 341: HAMR Time | TechSNAP 341https://techsnap.systems/341
375F22EA-9EE7-4471-B477-C51B01EB5599Tue, 17 Oct 2017 21:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingThe KRACK hack takes the world by storm; Plus, third party access to your personal information through some US mobile carriers. Then the ongoing debate over HAMR, MAMR & take a mini deep dive into the world of elliptic curve cryptography.1:08:35noWe've got bad news for Wifi-lovers as the KRACK hack takes the world by storm; We have the details &amp; some places to watch to make sure you stay patched. Plus, some distressing revelations about third party access to your personal information through some US mobile carriers. Then we cover the ongoing debate over HAMR, MAMR, and the future of hard drive technology &amp; take a mini deep dive into the world of elliptic curve cryptography.<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/tCPgR3Vz7WE" height="1" width="1" alt="">
We've got bad news for Wifi-lovers as the KRACK hack takes the world by storm; We have the details & some places to watch to make sure you stay patched. Plus, some distressing revelations about third party access to your personal information through some US mobile carriers. Then we cover the ongoing debate over HAMR, MAMR, and the future of hard drive technology & take a mini deep dive into the world of elliptic curve cryptography.]]>
We've got bad news for Wifi-lovers as the KRACK hack takes the world by storm; We have the details & some places to watch to make sure you stay patched. Plus, some distressing revelations about third party access to your personal information through some US mobile carriers. Then we cover the ongoing debate over HAMR, MAMR, and the future of hard drive technology & take a mini deep dive into the world of elliptic curve cryptography.]]>
Episode 340: Spy Tapes | TechSNAP 340https://techsnap.systems/340
5220D803-BDE6-4134-9EC1-34B037810814Thu, 12 Oct 2017 19:00:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWe try spycraft with a set of espionage themed stories covering everything from the latest troubles at Kaspersky to the implications of responsible disclosure at the NSA, a fascinating discussion of the ethics of running a data breach search service.1:49:35noWe try our hand at spycraft with a set of espionage themed stories covering everything from the latest troubles at Kaspersky to the strategic implications of responsible disclosure at the NSA. Plus, a few more reasons to be careful with what you post on social media &amp; a fascinating discussion of the ethics of running a data breach search service.<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/teE9O4M12fU" height="1" width="1" alt="">
We try our hand at spycraft with a set of espionage themed stories covering everything from the latest troubles at Kaspersky to the strategic implications of responsible disclosure at the NSA. Plus, a few more reasons to be careful with what you post on social media & a fascinating discussion of the ethics of running a data breach search service.]]>
We try our hand at spycraft with a set of espionage themed stories covering everything from the latest troubles at Kaspersky to the strategic implications of responsible disclosure at the NSA. Plus, a few more reasons to be careful with what you post on social media & a fascinating discussion of the ethics of running a data breach search service.]]>
Episode 339: Laying Internet Pipe | TechSNAP 339https://techsnap.systems/339
23F5A263-67E1-4372-85BF-15875915C96EThu, 05 Oct 2017 15:45:58 -0700Jupiter BroadcastingfullJupiter BroadcastingWe cover the problematic implications of SESTA, plus some PR troubles for CBS's Showtime after cryptocoin mining software was found embedded in their webpage & why tape-powered backups are still important for many large organizations.1:14:37no<p>We cover the problematic implications of SESTA, the latest internet regulations proposed in the US, plus some PR troubles for CBS's Showtime after cryptocoin mining software was found embedded in their webpage &amp; Dan gets excited as we discuss why tape-powered backups are still important for many large organizations.</p>
<p>And of course your feedback, a fantastic round-up &amp; so much more on this week's episode of TechSNAP!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/4lTp6RiTLRw" height="1" width="1" alt="">
We cover the problematic implications of SESTA, the latest internet regulations proposed in the US, plus some PR troubles for CBS's Showtime after cryptocoin mining software was found embedded in their webpage & Dan gets excited as we discuss why tape-powered backups are still important for many large organizations.

And of course your feedback, a fantastic round-up & so much more on this week's episode of TechSNAP!

]]>
We cover the problematic implications of SESTA, the latest internet regulations proposed in the US, plus some PR troubles for CBS's Showtime after cryptocoin mining software was found embedded in their webpage & Dan gets excited as we discuss why tape-powered backups are still important for many large organizations.

And of course your feedback, a fantastic round-up & so much more on this week's episode of TechSNAP!

]]>
Episode 338: Patch Your S3it | TechSNAP 338https://techsnap.systems/338
9BD33842-C8E6-4C09-8DAA-A94AFDC619EDWed, 27 Sep 2017 00:44:19 -0700Jupiter BroadcastingfullJupiter BroadcastingDistrustful US allies further delay the NSA’s new crypto, Viacom’s leaky buckets almost expose its entire IT infrastructure, plus a few more Equifax mishaps & a government spyware tool that might just be masquerading as your favorite app.1:07:42no<p>Distrustful US allies further delay the NSA’s new crypto, Viacom’s leaky buckets almost expose its entire IT infrastructure, plus a few more Equifax mishaps &amp; a government spyware tool that might just be masquerading as your favorite app.</p>
<p>And of course your feedback, a fantastic round-up &amp; so much more on this week's episode of techsnap!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/3ZedEjnOYFY" height="1" width="1" alt="">
Distrustful US allies further delay the NSA’s new crypto, Viacom’s leaky buckets almost expose its entire IT infrastructure, plus a few more Equifax mishaps & a government spyware tool that might just be masquerading as your favorite app.

And of course your feedback, a fantastic round-up & so much more on this week's episode of techsnap!

]]>
Distrustful US allies further delay the NSA’s new crypto, Viacom’s leaky buckets almost expose its entire IT infrastructure, plus a few more Equifax mishaps & a government spyware tool that might just be masquerading as your favorite app.

And of course your feedback, a fantastic round-up & so much more on this week's episode of techsnap!

]]>
Episode 337: FCC’s Free Offsite Storage | TechSNAP 337https://techsnap.systems/337
2DFF0948-13E1-464B-948B-FD81B0356EF5Tue, 19 Sep 2017 20:42:41 -0700Jupiter BroadcastingfullJupiter BroadcastingThat Equifax hack? So last week! This weeks vulnerability is BlueBorne, a new attack on just about every bluetooth capable device. Plus some favorite overlooked shell commands, a breakdown of the ACLUs lawsuit to protect your rights at the border & more!
1:23:30noThat Equifax hack? So last week! This weeks vulnerability is BlueBorne, a new attack on just about every bluetooth capable device. We've got the details, and what you need to know to get patched. Plus some of our favorite overlooked shell commands &amp; a breakdown of the ACLUs recent lawsuit to protect your rights at the border.<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/NAaXXJ-6taM" height="1" width="1" alt="">
That Equifax hack? So last week! This weeks vulnerability is BlueBorne, a new attack on just about every bluetooth capable device. We've got the details, and what you need to know to get patched. Plus some of our favorite overlooked shell commands & a breakdown of the ACLUs recent lawsuit to protect your rights at the border.]]>
That Equifax hack? So last week! This weeks vulnerability is BlueBorne, a new attack on just about every bluetooth capable device. We've got the details, and what you need to know to get patched. Plus some of our favorite overlooked shell commands & a breakdown of the ACLUs recent lawsuit to protect your rights at the border.]]>
Episode 336: Equihax | TechSNAP 336https://techsnap.systems/336
490C5352-E6BF-470C-8E48-692D20E47D04Tue, 12 Sep 2017 23:56:34 -0700Jupiter BroadcastingfullJupiter BroadcastingEquifax got hacked, some top tips for staying safe & a debate over just who's to blame for vulnerable open source software. Then Google's breaking up with Symantec & we take a little time for Sysadmin 101, this time, ticketing systems.1:28:46noEquifax got hacked, some top tips for staying safe &amp; a debate over just who's to blame for vulnerable open source software. Then Google's breaking up with Symantec &amp; we take a little time for Sysadmin 101, this time, ticketing systems.<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/yq_ROJBC6N8" height="1" width="1" alt="">
Equifax got hacked, some top tips for staying safe & a debate over just who's to blame for vulnerable open source software. Then Google's breaking up with Symantec & we take a little time for Sysadmin 101, this time, ticketing systems.]]>
Equifax got hacked, some top tips for staying safe & a debate over just who's to blame for vulnerable open source software. Then Google's breaking up with Symantec & we take a little time for Sysadmin 101, this time, ticketing systems.]]>
Episode 335: Extended Usefulness | TechSNAP 335https://techsnap.systems/335
6FB762CB-81A4-44D6-9CBF-4F8669355B06Tue, 05 Sep 2017 22:23:35 -0700Jupiter BroadcastingfullJupiter BroadcastingWe're extending your filesystems usefulness with extended attributes! We learn what they are & how they might be useful. Plus, we take a look behind the scenes of a major spambot operation & check in with Bruce Schneier on the state of internet privacy.1:35:58noWe're extending your filesystems usefulness with extended attributes! We learn what they are &amp; how they might be useful. Plus, we take a look behind the scenes of a major spambot operation &amp; check in with Bruce Schneier on the state of internet privacy.<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/5wrXuUdcPYs" height="1" width="1" alt="">
We're extending your filesystems usefulness with extended attributes! We learn what they are & how they might be useful. Plus, we take a look behind the scenes of a major spambot operation & check in with Bruce Schneier on the state of internet privacy.]]>
We're extending your filesystems usefulness with extended attributes! We learn what they are & how they might be useful. Plus, we take a look behind the scenes of a major spambot operation & check in with Bruce Schneier on the state of internet privacy.]]>
Episode 334: HPKP: Hard to Say, Hard to Use | TechSNAP 334https://techsnap.systems/334
52C642F6-C12B-40AA-A740-12F311979B2CTue, 29 Aug 2017 23:00:07 -0700Jupiter BroadcastingfullJupiter BroadcastingWe discuss, and struggle to pronounce, the difficulties in deploying HTTP public key pinning & some possible alternatives you should consider. Then we get excited for (n+1)sec & explore the nuances of setting up home VPN gateway!1:24:10noWe discuss, and struggle to pronounce, the difficulties in deploying HTTP public key pinning &amp; some possible alternatives you should consider. Then we get excited for (n+1)sec, a new protocol for distributed multiparty chat encryption &amp; explore the nuances of setting up home VPN gateway!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/nQZbKLZ5OjQ" height="1" width="1" alt="">
We discuss, and struggle to pronounce, the difficulties in deploying HTTP public key pinning & some possible alternatives you should consider. Then we get excited for (n+1)sec, a new protocol for distributed multiparty chat encryption & explore the nuances of setting up home VPN gateway!]]>
We discuss, and struggle to pronounce, the difficulties in deploying HTTP public key pinning & some possible alternatives you should consider. Then we get excited for (n+1)sec, a new protocol for distributed multiparty chat encryption & explore the nuances of setting up home VPN gateway!]]>
Episode 333: Rsync On Ice | TechSNAP 333https://techsnap.systems/333
7A5F1852-0EA4-435E-9ECD-9077D85733CCFri, 25 Aug 2017 08:31:57 -0700Jupiter BroadcastingfullJupiter BroadcastingWe take a trip to the ends of the earth and hear stories of tech support in Antarctica, cover a surprisingly reasonable new suggested standard for responsible disclosure, discuss Kreb's adventures in the world of deep-insert credit card skimmers & more!1:34:36no<p>We take a trip to the ends of the earth and hear some stories of tech support in Antarctica, cover a surprisingly reasonable new suggested standard for responsible disclosure &amp; discuss Kreb's latest adventures in the world of deep-insert credit card skimmers.</p>
<p>And of course your feedback, a fantastic round-up &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/M1IB8ShcfEE" height="1" width="1" alt="">
We take a trip to the ends of the earth and hear some stories of tech support in Antarctica, cover a surprisingly reasonable new suggested standard for responsible disclosure & discuss Kreb's latest adventures in the world of deep-insert credit card skimmers.

And of course your feedback, a fantastic round-up & so much more!

]]>
We take a trip to the ends of the earth and hear some stories of tech support in Antarctica, cover a surprisingly reasonable new suggested standard for responsible disclosure & discuss Kreb's latest adventures in the world of deep-insert credit card skimmers.

And of course your feedback, a fantastic round-up & so much more!

]]>
Episode 332: Leaky Pumps | TechSNAP 332https://techsnap.systems/332
304638F6-1A30-49FC-8F5B-749C9499EED8Wed, 16 Aug 2017 00:37:56 -0700Jupiter BroadcastingfullJupiter BroadcastingWith some new card skimmer tech that’s more reason to watch your wallet at the pump, a few tips for postgres migrations & Dan dives deep into his quest for the ultimate boot and nuke experience.
Plus your feedback, a fantastic round-up & so much more!1:28:19no<p>With some clever new card skimmer tech we’ve got one more reason to watch your wallet at the gas pump, plus a few handy recommendations for postgres migrations &amp; Dan dives deep into his quest for the ultimate boot and nuke experience. </p>
<p>Plus your feedback, a fantastic round-up &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/GblfDzTkzyg" height="1" width="1" alt="">
With some clever new card skimmer tech we’ve got one more reason to watch your wallet at the gas pump, plus a few handy recommendations for postgres migrations & Dan dives deep into his quest for the ultimate boot and nuke experience.

Plus your feedback, a fantastic round-up & so much more!

]]>
With some clever new card skimmer tech we’ve got one more reason to watch your wallet at the gas pump, plus a few handy recommendations for postgres migrations & Dan dives deep into his quest for the ultimate boot and nuke experience.

Plus your feedback, a fantastic round-up & so much more!

]]>
Episode 331: BTRFS is Toast | TechSNAP 331https://techsnap.systems/331
8E68E5EF-2A81-4F68-8CC1-54958EA71733Tue, 08 Aug 2017 23:43:58 -0700Jupiter BroadcastingfullJupiter BroadcastingWe discuss just how hard, or not, responsible disclosure really is, share some sad news about the status of BTRFS on RHEL, a few more reasons to use ZFS.
Then, we find out if our passwords have been cracked, reveal Dan’s password hashes live & more!1:24:56no<p>We discuss just how hard, or not, responsible disclosure really is, share some sad news about the status of BTRFS on RHEL, a few more reasons to use ZFS.</p>
<p>Then, we find out if our passwords have been cracked, reveal Dan’s password hashes live on air &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/VMb7SIyY120" height="1" width="1" alt="">
We discuss just how hard, or not, responsible disclosure really is, share some sad news about the status of BTRFS on RHEL, a few more reasons to use ZFS.

Then, we find out if our passwords have been cracked, reveal Dan’s password hashes live on air & more!

]]>
We discuss just how hard, or not, responsible disclosure really is, share some sad news about the status of BTRFS on RHEL, a few more reasons to use ZFS.

Then, we find out if our passwords have been cracked, reveal Dan’s password hashes live on air & more!

]]>
Episode 330: Netflix Lab Rats | TechSNAP 330https://techsnap.systems/330
7A7B04AF-983F-445E-82B8-B4ADD4E5B30BWed, 02 Aug 2017 00:18:03 -0700Jupiter BroadcastingfullJupiter BroadcastingDan finds a story of a major data leak isn't quite what it seems, a new Talos report that shows a large number of unpatched & unprotected memcached servers. Plus, between some excellent feedback & Dan's adventures, we've got a itty bitty ZFS deep dive.1:21:26no<p>Dan does some sleuthing &amp; finds that the story of a major data leak isn't quite what it seems, then a new Talos report that shows a large number of unpatched &amp; unprotected memcached servers. We discuss just how bad that might be. Plus, between some excellent feedback &amp; Dan's recent adventures, we've got a itty bitty ZFS deep dive.</p>
<p>And of course your feedback, a fantastic round-up &amp; so much more on this week's episode of TechSNAP.</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/TQAK-zLO4mI" height="1" width="1" alt="">
Dan does some sleuthing & finds that the story of a major data leak isn't quite what it seems, then a new Talos report that shows a large number of unpatched & unprotected memcached servers. We discuss just how bad that might be. Plus, between some excellent feedback & Dan's recent adventures, we've got a itty bitty ZFS deep dive.

And of course your feedback, a fantastic round-up & so much more on this week's episode of TechSNAP.

]]>
Dan does some sleuthing & finds that the story of a major data leak isn't quite what it seems, then a new Talos report that shows a large number of unpatched & unprotected memcached servers. We discuss just how bad that might be. Plus, between some excellent feedback & Dan's recent adventures, we've got a itty bitty ZFS deep dive.

And of course your feedback, a fantastic round-up & so much more on this week's episode of TechSNAP.

]]>
Episode 329: Teeny Weeny DNS Server | TechSNAP 329https://techsnap.systems/329
01349BC8-D756-4FED-B00D-9158E51EF87ATue, 25 Jul 2017 23:28:58 -0700Jupiter BroadcastingfullJupiter BroadcastingSome mysterious mac malware that's been lurking for years, a new tool to help you monitor, backup and generally work with your DNS infrastructure & possibly more problems for Symantec, the certificate authority who just can't seem to get things right.1:21:56noWe've got the latest on some mysterious mac malware that's been lurking for years, a handy new tool to help you monitor, backup and generally work with your DNS infrastructure &amp; possibly more problems for Symantec, the certificate authority who just can't seem to get things right.<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/Gs9tgClZRD0" height="1" width="1" alt="">
We've got the latest on some mysterious mac malware that's been lurking for years, a handy new tool to help you monitor, backup and generally work with your DNS infrastructure & possibly more problems for Symantec, the certificate authority who just can't seem to get things right.]]>
We've got the latest on some mysterious mac malware that's been lurking for years, a handy new tool to help you monitor, backup and generally work with your DNS infrastructure & possibly more problems for Symantec, the certificate authority who just can't seem to get things right.]]>
Episode 328: LetsEncrypt is a SNAP | TechSNAP 328https://techsnap.systems/328
88E5C9EB-105E-4DA1-8A7D-D2B002913AA5Tue, 18 Jul 2017 23:49:14 -0700Jupiter BroadcastingfullJupiter BroadcastingThe recent ‘Devil’s Ivy’ vulnerability has caused quite a rash in the security journalism community. We discuss. Plus you’ve heard of public key encryption, but what lies beyond? We cover some possible alternatives and the problem of identity & more!1:36:03no<p>The recent ‘Devil’s Ivy’ vulnerability has caused quite a rash in the security journalism community. Is it as bad as poison ivy or just a bunch of hyperbole? We discuss. Plus you’ve heard of public key encryption, but what lies beyond? We cover some possible alternatives and the problem of identity.</p>
<p>Then Dan’s got the latest on his Let’s encrypt setup including a brand new open source tool you too can use!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/6twiDPUoJL0" height="1" width="1" alt="">
The recent ‘Devil’s Ivy’ vulnerability has caused quite a rash in the security journalism community. Is it as bad as poison ivy or just a bunch of hyperbole? We discuss. Plus you’ve heard of public key encryption, but what lies beyond? We cover some possible alternatives and the problem of identity.

Then Dan’s got the latest on his Let’s encrypt setup including a brand new open source tool you too can use!

]]>
The recent ‘Devil’s Ivy’ vulnerability has caused quite a rash in the security journalism community. Is it as bad as poison ivy or just a bunch of hyperbole? We discuss. Plus you’ve heard of public key encryption, but what lies beyond? We cover some possible alternatives and the problem of identity.

Then Dan’s got the latest on his Let’s encrypt setup including a brand new open source tool you too can use!

]]>
Episode 327: Unsecured IO | TechSNAP 327https://techsnap.systems/327
358C04A2-5F50-4341-B0FE-66FCB643BF0AWed, 12 Jul 2017 01:14:15 -0700Jupiter BroadcastingfullJupiter BroadcastingGNUPG has just released a fix for a dangerous side-channel attack, a leak of NASDAQ test data was picked up by real news organizations and caused a bit of a panic, a security researched who managed to take over all .io domains & more!1:43:54no<p>GNUPG has just released a fix for a dangerous side-channel attack that could expose your private key, a leak of NASDAQ test data was picked up by real news organizations and caused a bit of a panic &amp; the fascinating story of a security researched who managed to take over all .io domains with a little sleuthing and a few domain registrations.</p>
<p>Plus Dan's got so much new stuff it has its own segment, and of course your feedback, a fantastic round-up &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/LIBkV5IfmBU" height="1" width="1" alt="">
GNUPG has just released a fix for a dangerous side-channel attack that could expose your private key, a leak of NASDAQ test data was picked up by real news organizations and caused a bit of a panic & the fascinating story of a security researched who managed to take over all .io domains with a little sleuthing and a few domain registrations.

Plus Dan's got so much new stuff it has its own segment, and of course your feedback, a fantastic round-up & so much more!

]]>
GNUPG has just released a fix for a dangerous side-channel attack that could expose your private key, a leak of NASDAQ test data was picked up by real news organizations and caused a bit of a panic & the fascinating story of a security researched who managed to take over all .io domains with a little sleuthing and a few domain registrations.

Plus Dan's got so much new stuff it has its own segment, and of course your feedback, a fantastic round-up & so much more!

]]>
Episode 326: Broadband from Space | TechSNAP 326https://techsnap.systems/326
535A1C7F-B8A6-493F-88F1-0210E049A3F0Tue, 04 Jul 2017 23:54:02 -0700Jupiter BroadcastingfullJupiter BroadcastingA new satellite broadband ISP has approval to serve the US, UK Law enforcement claims that visiting the dark web is a potential sign of terrorism & a Krebs’ deep dive into the wild world of robocalls. Plus Dan’s latest Let’s Encrypt updates & more!1:36:54noA new satellite broadband ISP has approval to serve the US, are their low-latency claims too good to be true? UK Law enforcement claims that visiting the dark web is a potential sign of terrorism, watch out tor users! Then we follow a Krebs’ deep dive into the wild world of robocalls.
<br>
<p>Plus Dan’s latest Let’s Encrypt updates, your fantastic feedback, a robust roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/xWJhlPVxzAI" height="1" width="1" alt="">
A new satellite broadband ISP has approval to serve the US, are their low-latency claims too good to be true? UK Law enforcement claims that visiting the dark web is a potential sign of terrorism, watch out tor users! Then we follow a Krebs’ deep dive into the wild world of robocalls.

]]>
A new satellite broadband ISP has approval to serve the US, are their low-latency claims too good to be true? UK Law enforcement claims that visiting the dark web is a potential sign of terrorism, watch out tor users! Then we follow a Krebs’ deep dive into the wild world of robocalls.

]]>
Episode 325: Google Reads Your Email | TechSNAP 325https://techsnap.systems/325
5858B530-04BF-4B16-89D8-EEFB0FC8F0D1Tue, 27 Jun 2017 21:25:24 -0700Jupiter BroadcastingfullJupiter BroadcastingWe go to air just as a massive cyberattack strikes Europe, Google stops reading your email, well sorta maybe & we discuss the latest debate over US government access to overseas data.
Plus some fantastic feedback, a robust roundup & so much more!1:21:08no<p>We go to air just as a massive cyberattack strikes Europe, Google stops reading your email, well sorta maybe &amp; we discuss the latest debate over US government access to overseas data.</p>
<p>Plus some fantastic feedback, a robust roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/R9hCTrnj3oU" height="1" width="1" alt="">
We go to air just as a massive cyberattack strikes Europe, Google stops reading your email, well sorta maybe & we discuss the latest debate over US government access to overseas data.

Plus some fantastic feedback, a robust roundup & so much more!

]]>
We go to air just as a massive cyberattack strikes Europe, Google stops reading your email, well sorta maybe & we discuss the latest debate over US government access to overseas data.

Then Dan does a deep dive on his DNS infrastructure, some recent improvements & his integration with Let’s Encrypt.

Plus some fantastic feedback, a robust roundup & so much more!

]]>
Episode 323: Comment & Control | TechSNAP 323https://techsnap.systems/323
131ED4E6-1807-4280-AB90-720D495B8491Wed, 14 Jun 2017 04:27:16 -0700Jupiter BroadcastingfullJupiter BroadcastingPeanut butter, taps & a new library that's the source of all truth. Then the story of Britney Spears latest career move: controlling botnets through Instagram comments & Dan teaches us about steganography and how it helped catch an NSA leaker.1:38:52noDan's back from BSDCAN with peanut butter, taps, and a new library that's the source of all truth. Then we've got the story of Britney Spears latest career move: controlling botnets through Instagram comments &amp; Dan teaches us about steganography and how it helped catch an NSA leaker.
<br>
<p>Plus some fantastic feedback, a robust roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/DL2i2SwTTF0" height="1" width="1" alt="">
Dan's back from BSDCAN with peanut butter, taps, and a new library that's the source of all truth. Then we've got the story of Britney Spears latest career move: controlling botnets through Instagram comments & Dan teaches us about steganography and how it helped catch an NSA leaker.

Plus some fantastic feedback, a robust roundup & so much more!

]]>
Dan's back from BSDCAN with peanut butter, taps, and a new library that's the source of all truth. Then we've got the story of Britney Spears latest career move: controlling botnets through Instagram comments & Dan teaches us about steganography and how it helped catch an NSA leaker.

Plus some fantastic feedback, a robust roundup & so much more!

]]>
Episode 322: #NotMyInternet | TechSNAP 322https://techsnap.systems/322
93C5196A-692F-4738-B73F-F8983B2FAE0CTue, 06 Jun 2017 21:33:42 -0700Jupiter BroadcastingfullJupiter BroadcastingWe discuss who really controls the internet & just how centralized and potentially vulnerable it has become. Plus the latest security letdowns from Windows 10, the story of a questionably ethical hacker & Zomato's data breach & so much more!1:37:11noWe discuss who really controls the internet &amp; just how centralized and potentially vulnerable it has become. Plus the latest security letdowns from Windows 10, the story of a questionably ethical hacker &amp; Zomato's data breach.
<br>
<p>Plus some fantastic feedback, a robust roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/u0yxtJK1UKw" height="1" width="1" alt="">
We discuss who really controls the internet & just how centralized and potentially vulnerable it has become. Plus the latest security letdowns from Windows 10, the story of a questionably ethical hacker & Zomato's data breach.

Plus some fantastic feedback, a robust roundup & so much more!

]]>
We discuss who really controls the internet & just how centralized and potentially vulnerable it has become. Plus the latest security letdowns from Windows 10, the story of a questionably ethical hacker & Zomato's data breach.

Plus some fantastic feedback, a robust roundup & so much more!

]]>
Episode 321: A Burrito Stole My Money | TechSNAP 321https://techsnap.systems/321
B6523917-CD35-4F76-BE43-B6D81F7E7733Tue, 30 May 2017 22:37:52 -0700Jupiter BroadcastingfullJupiter BroadcastingNot only is the UK leaving the Eurozone, they’re starting their own internet with more surveillance! Then some top tips on getting recruited by the Israeli NSA & the details of some new WannaCry wannabes that may be infecting a windows server near you.
1:24:22noNot only is the UK leaving the Eurozone, they are starting their own internet, this time with more surveillance! Then we’ve got some top tips on getting recruited by the Israeli NSA &amp; the details of some new WannaCry wannabes that may be infecting a windows server near you.
<br>
<p>Plus some fantastic feedback, a robust roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/iIKdHvqBkkI" height="1" width="1" alt="">
Not only is the UK leaving the Eurozone, they are starting their own internet, this time with more surveillance! Then we’ve got some top tips on getting recruited by the Israeli NSA & the details of some new WannaCry wannabes that may be infecting a windows server near you.

Plus some fantastic feedback, a robust roundup & so much more!

]]>
Not only is the UK leaving the Eurozone, they are starting their own internet, this time with more surveillance! Then we’ve got some top tips on getting recruited by the Israeli NSA & the details of some new WannaCry wannabes that may be infecting a windows server near you.

]]>
We've got another round of WannaCry analysis, the latest on the FCCs battle over Net neutrality. Then IPv6 Tunnels & you, a 2017 check-in.

Plus some fantastic feedback, a robust roundup & so much more!

]]>
Episode 319: When IT Security Cries | TechSNAP 319https://techsnap.systems/319
0CB2FB98-8A0B-4B0B-BDA2-A08390272C71Tue, 16 May 2017 22:38:57 -0700Jupiter BroadcastingfullJupiter BroadcastingThe WannaCry Worm has brought the world to tears. We've got the latest details, conspiracy theories, fallout & some tissues.
Plus a keylogger that may be hiding in your audio driver, some great hardware recommendations from the audience & so much more!1:20:13no<p>The WannaCry Worm has brought the world to tears. We've got the latest details, conspiracy theories, fallout &amp; some tissues.</p>
<p>Plus a keylogger that may be hiding in your audio driver, some great hardware recommendations from the audience, your great feedback, a hard hitting round up &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/R4pwGVJL0-s" height="1" width="1" alt="">
The WannaCry Worm has brought the world to tears. We've got the latest details, conspiracy theories, fallout & some tissues.

Plus a keylogger that may be hiding in your audio driver, some great hardware recommendations from the audience, your great feedback, a hard hitting round up & so much more!

]]>
The WannaCry Worm has brought the world to tears. We've got the latest details, conspiracy theories, fallout & some tissues.

Plus a keylogger that may be hiding in your audio driver, some great hardware recommendations from the audience, your great feedback, a hard hitting round up & so much more!

]]>
Episode 318: All Drives Die | TechSNAP 318https://techsnap.systems/318
4ADFDB3A-C52D-4F57-B5D8-C3B79E3017AETue, 09 May 2017 21:42:09 -0700Jupiter BroadcastingfullJupiter BroadcastingTurns out you've been doing passwords wrong, we've got guidance from NIST. Plus the latest numbers from BackBlaze with some interesting conclusions.
Then, that google docs worm everyone's talking about, some top tips to stay safe & so much more!1:19:10no<p>Turns out you've been doing passwords wrong, but don't worry, we've got the latest and greatest guidance from NIST. Plus the latest numbers from BackBlaze with some interesting conclusions about enterprise drives.</p>
<p>Then the details about that google docs worm everyone's talking about, some top tips to stay safe &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/VBZvzGd4ycg" height="1" width="1" alt="">
Turns out you've been doing passwords wrong, but don't worry, we've got the latest and greatest guidance from NIST. Plus the latest numbers from BackBlaze with some interesting conclusions about enterprise drives.

Then the details about that google docs worm everyone's talking about, some top tips to stay safe & so much more!

]]>
Turns out you've been doing passwords wrong, but don't worry, we've got the latest and greatest guidance from NIST. Plus the latest numbers from BackBlaze with some interesting conclusions about enterprise drives.

Then the details about that google docs worm everyone's talking about, some top tips to stay safe & so much more!

]]>
Episode 317: Some Fishy Chips | TechSNAP 317https://techsnap.systems/317
5077500E-5265-480D-9E29-4069FA05D1BCWed, 03 May 2017 02:53:47 -0700Jupiter BroadcastingfullJupiter BroadcastingIntel's patched a remote execution exploit that’s been lurking in their chips for the past nine years. Then Dan does a deep dive into friend of the show Tarsnap. Plus we discuss when we use external services versus building ourselves & much more!1:38:13no<p>Intel's patched a remote execution exploit that’s been lurking in their chips for the past nine years, we’ve got the details &amp; some handy tips to check if you’re affected. Then Dan does a deep dive into friend of the show Tarsnap: what it is, how to use it &amp; why it’s so awesome. Plus we discuss when we use external services versus building ourselves &amp; a few tips for lightweight backup solutions that might work for you.</p>
<p>Then your fantastic feedback, a riotous roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/3zoJjgWZ3LE" height="1" width="1" alt="">
Intel's patched a remote execution exploit that’s been lurking in their chips for the past nine years, we’ve got the details & some handy tips to check if you’re affected. Then Dan does a deep dive into friend of the show Tarsnap: what it is, how to use it & why it’s so awesome. Plus we discuss when we use external services versus building ourselves & a few tips for lightweight backup solutions that might work for you.

Then your fantastic feedback, a riotous roundup & so much more!

]]>
Intel's patched a remote execution exploit that’s been lurking in their chips for the past nine years, we’ve got the details & some handy tips to check if you’re affected. Then Dan does a deep dive into friend of the show Tarsnap: what it is, how to use it & why it’s so awesome. Plus we discuss when we use external services versus building ourselves & a few tips for lightweight backup solutions that might work for you.

Then your fantastic feedback, a riotous roundup & so much more!

]]>
Episode 316: PHP Steals Your Nuts | TechSNAP 316https://techsnap.systems/316
5AE1CB2E-8C22-4479-9379-DA2AD42A4693Wed, 26 Apr 2017 00:04:08 -0700Jupiter BroadcastingfullJupiter BroadcastingThe guys discuss an unfortunate new vulnerability in Squirrelmail. Plus a new entrant to the anonymous domain name space from some of the internet’s most famous rabble rousers. Then Dan & Wes get a bit jealous of Canada’s take on net neutrality & more!1:42:13noThe squirrels have gotten in the mailbag as the guys discuss an unfortunate new vulnerability in Squirrelmail. Plus an interesting new entrant to the anonymous domain name space from some of the internet’s most famous rabble rousers. Then Dan &amp; Wes get just a bit jealous of Canada’s new take on net neutrality &amp; more!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/3XSykcLcRik" height="1" width="1" alt="">
The squirrels have gotten in the mailbag as the guys discuss an unfortunate new vulnerability in Squirrelmail. Plus an interesting new entrant to the anonymous domain name space from some of the internet’s most famous rabble rousers. Then Dan & Wes get just a bit jealous of Canada’s new take on net neutrality & more!]]>
The squirrels have gotten in the mailbag as the guys discuss an unfortunate new vulnerability in Squirrelmail. Plus an interesting new entrant to the anonymous domain name space from some of the internet’s most famous rabble rousers. Then Dan & Wes get just a bit jealous of Canada’s new take on net neutrality & more!]]>
Episode 315: Tales of FileSystems | TechSNAP 315https://techsnap.systems/315
919B9614-2A41-4544-9BDB-6514D7487C65Tue, 18 Apr 2017 21:57:56 -0700Jupiter BroadcastingfullJupiter BroadcastingWe’ve got the latest gossip on Apple’s brand new filesystem, Plus Dan dives deep into the world of ZFS and FreeBSD jails & shows us how he is putting them to use in his latest server build.
Plus your fantastic feedback, a riotous roundup & so much more!1:36:51no<p>We’ve got the latest gossip on Apple’s brand new filesystem &amp; why you should care! Plus Dan dives deep into the wonderful world of ZFS and FreeBSD jails &amp; shows us how he is putting them to use in his latest server build.</p>
<p>Plus it’s your fantastic feedback, a riotous roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/WQuqqUgOfxs" height="1" width="1" alt="">
We’ve got the latest gossip on Apple’s brand new filesystem & why you should care! Plus Dan dives deep into the wonderful world of ZFS and FreeBSD jails & shows us how he is putting them to use in his latest server build.

Plus it’s your fantastic feedback, a riotous roundup & so much more!

]]>
We’ve got the latest gossip on Apple’s brand new filesystem & why you should care! Plus Dan dives deep into the wonderful world of ZFS and FreeBSD jails & shows us how he is putting them to use in his latest server build.

Plus it’s your fantastic feedback, a riotous roundup & so much more!

]]>
Episode 314: Cyber Liability | TechSNAP 314https://techsnap.systems/314
99470104-3B5B-49BD-8C95-4180DC77493AWed, 12 Apr 2017 03:13:41 -0700Jupiter BroadcastingfullJupiter BroadcastingWe cover some new research that can steal your phone’s PIN using just the on-board sensors. Then we cover how computer security is broken from top to bottom, Dan does another deep dive, this time on everyone’s favorite database, PostgresSQ & more!1:44:42no<p>We cover some fascinating new research that can steal your phone’s PIN using just the on-board sensors. Then we cover how computer security is broken from top to bottom and Dan does another deep dive, this time on everyone’s favorite database, PostgresSQL.</p>
<p>Plus it’s your feedback, a huge roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/Qw9YvALcXl8" height="1" width="1" alt="">
We cover some fascinating new research that can steal your phone’s PIN using just the on-board sensors. Then we cover how computer security is broken from top to bottom and Dan does another deep dive, this time on everyone’s favorite database, PostgresSQL.

Plus it’s your feedback, a huge roundup & so much more!

]]>
We cover some fascinating new research that can steal your phone’s PIN using just the on-board sensors. Then we cover how computer security is broken from top to bottom and Dan does another deep dive, this time on everyone’s favorite database, PostgresSQL.

Plus it’s your feedback, a huge roundup & so much more!

]]>
Episode 313: Wifi Stack Overfloweth | TechSNAP 313https://techsnap.systems/313
32951009-A775-4AA3-8780-619AD9C9749DWed, 05 Apr 2017 02:04:35 -0700Jupiter BroadcastingfullJupiter BroadcastingYour Wifi Stack is under attack! But dont worry, Apple’s got the patch & we’ve got the story. Then the latest ATM hacking tips that will only cost you $15 & Dan does a deep dive into Let’s Encrypt!
Plus it’s your feedback, a huge roundup & so much more!1:41:34no<p>Your Wifi Stack is under attack! But dont worry, Apple’s got the patch &amp; we’ve got the story. Then the latest ATM hacking tips that will only cost you $15 &amp; Dan does a deep dive into Let’s Encrypt!</p>
<p>Plus it’s your feedback, a huge roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/V2ix0lgBCHk" height="1" width="1" alt="">
Your Wifi Stack is under attack! But dont worry, Apple’s got the patch & we’ve got the story. Then the latest ATM hacking tips that will only cost you $15 & Dan does a deep dive into Let’s Encrypt!

Plus it’s your feedback, a huge roundup & so much more!

]]>
Your Wifi Stack is under attack! But dont worry, Apple’s got the patch & we’ve got the story. Then the latest ATM hacking tips that will only cost you $15 & Dan does a deep dive into Let’s Encrypt!

Plus it’s your feedback, a huge roundup & so much more!

]]>
Episode 312: Privacy is Dead | TechSNAP 312https://techsnap.systems/312
5E50C834-89DB-4219-8EC0-C0E948201876Wed, 29 Mar 2017 01:34:54 -0700Jupiter BroadcastingfullJupiter BroadcastingThis week, we cover the latest rollback of internet privacy regulations in the US, plus the story of script kiddies getting their day in court & Dan does a not-so-deep dive into ZFS .
Plus it’s your feedback, a huge roundup & so much more!1:42:50no<p>This week, we sell your private browsing history to the highest bidder! Oh wait, that’s your ISP! We cover the latest rollback of internet privacy regulations in the US, plus the surprisingly uplifting story of script kiddies getting their day in court, Dan does a not-so-deep dive into ZFS &amp; explains why you should already be using it.</p>
<p>Plus it’s your feedback, a huge roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/CMmvfW88JHg" height="1" width="1" alt="">
This week, we sell your private browsing history to the highest bidder! Oh wait, that’s your ISP! We cover the latest rollback of internet privacy regulations in the US, plus the surprisingly uplifting story of script kiddies getting their day in court, Dan does a not-so-deep dive into ZFS & explains why you should already be using it.

Plus it’s your feedback, a huge roundup & so much more!

]]>
This week, we sell your private browsing history to the highest bidder! Oh wait, that’s your ISP! We cover the latest rollback of internet privacy regulations in the US, plus the surprisingly uplifting story of script kiddies getting their day in court, Dan does a not-so-deep dive into ZFS & explains why you should already be using it.

Plus it’s your feedback, a huge roundup & so much more!

]]>
Episode 311: Check Yo Checksum | TechSNAP 311https://techsnap.systems/311
42DA225B-4041-4E04-8556-A0B534C6C67CWed, 22 Mar 2017 02:11:34 -0700Jupiter BroadcastingfullJupiter BroadcastingThe guys break with the usual format & turn things over to Dan for a deep deep dive on Bacula! Then it’s the latest Yahoo hack news & a few more reasons you should already be using ZFS.
Plus it’s your feedback, a huge roundup & so much more!2:01:46no<p>The guys break with the usual format &amp; turn things over to Dan for a deep deep dive on Bacula! Then it’s the latest Yahoo hack news &amp; a few more reasons you should already be using ZFS.</p>
<p>Plus it’s your feedback, a huge roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/OTc-DWvKA9c" height="1" width="1" alt="">
The guys break with the usual format & turn things over to Dan for a deep deep dive on Bacula! Then it’s the latest Yahoo hack news & a few more reasons you should already be using ZFS.

Plus it’s your feedback, a huge roundup & so much more!

]]>
The guys break with the usual format & turn things over to Dan for a deep deep dive on Bacula! Then it’s the latest Yahoo hack news & a few more reasons you should already be using ZFS.

Plus it’s your feedback, a huge roundup & so much more!

]]>
Episode 310: Don’t Panic & P your S | TechSNAP 310https://techsnap.systems/310
9B9F2E5D-7653-4E79-85DA-4A11D4B0D6D8Tue, 14 Mar 2017 23:10:36 -0700Jupiter BroadcastingfullJupiter BroadcastingWe crack open Vault 7 & are let down by what's inside, give you one more reason you should already be using ZFS & you thought you could trust your phone again, we’ve got the story of preinstalled Android malware. Then it’s feedback, the roundup & more!1:27:49noWe crack open Vault 7 &amp; are a little let down by what's inside, give you one more reason you should already be using ZFS &amp; just when you thought you could trust your phone again, we’ve got the story of preinstalled Android malware. Then it’s your feedback, a huge roundup &amp; so much more!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/OkH7iJQOcxY" height="1" width="1" alt="">
We crack open Vault 7 & are a little let down by what's inside, give you one more reason you should already be using ZFS & just when you thought you could trust your phone again, we’ve got the story of preinstalled Android malware. Then it’s your feedback, a huge roundup & so much more!]]>
We crack open Vault 7 & are a little let down by what's inside, give you one more reason you should already be using ZFS & just when you thought you could trust your phone again, we’ve got the story of preinstalled Android malware. Then it’s your feedback, a huge roundup & so much more!]]>
Episode 309: Bad Boy Backups | TechSNAP 309https://techsnap.systems/309
2A8C0656-0A25-4A2D-8363-E1AE2626091BTue, 07 Mar 2017 21:48:59 -0800Jupiter BroadcastingfullJupiter BroadcastingWe’ve got the sad story of cloud-enabled toys leading to, you guessed it, leaking customer’s personal information! Plus a case of backups gone bad, but this time, it’s a good thing!
Then it’s your feedback, a huge roundup, and so much more!1:30:31no<p>We’ve got the sad story of cloud-enabled toys leading to, you guessed it, leaking customer’s personal information! Plus a case of backups gone bad, but this time, it’s a good thing!</p>
<p>Then it’s your feedback, a huge roundup, and so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/6CdrVD0K7eo" height="1" width="1" alt="">
We’ve got the sad story of cloud-enabled toys leading to, you guessed it, leaking customer’s personal information! Plus a case of backups gone bad, but this time, it’s a good thing!

Then it’s your feedback, a huge roundup, and so much more!

]]>
We’ve got the sad story of cloud-enabled toys leading to, you guessed it, leaking customer’s personal information! Plus a case of backups gone bad, but this time, it’s a good thing!

Then it’s your feedback, a huge roundup, and so much more!

]]>
Episode 308: Cloudy with a Chance of Leaks | TechSNAP 308https://techsnap.systems/308
27A9FEB4-08B4-4175-A6A9-0A1A8D2BDE97Tue, 28 Feb 2017 21:40:13 -0800Jupiter BroadcastingfullJupiter BroadcastingGoogle heard you like hashes so they broke SHA1, we've got the details.
Plus we dive in to Cloudflare's data disaster, Dan shows us his rack, your feedback, a huge roundup & so much more!1:21:45no<p>Google heard you like hashes so they broke SHA1, we've got the details.</p>
<p>Plus we dive in to Cloudflare's data disaster, Dan shows us his rack, your feedback, a huge roundup &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/XXWrp_riJZY" height="1" width="1" alt="">
Google heard you like hashes so they broke SHA1, we've got the details.

Plus we dive in to Cloudflare's data disaster, Dan shows us his rack, your feedback, a huge roundup & so much more!

]]>
Google heard you like hashes so they broke SHA1, we've got the details.

Plus we dive in to Cloudflare's data disaster, Dan shows us his rack, your feedback, a huge roundup & so much more!

]]>
Episode 307: State Sponsored Audiophiles | TechSNAP 307https://techsnap.systems/307
8ED56ED6-D8D5-47B9-B1CA-80D78DB58E4DTue, 21 Feb 2017 21:44:00 -0800Jupiter BroadcastingfullJupiter BroadcastingThe details on the latest WordPress vulnerability, then the perhaps not so surprising takeover of a cybersecurity firms website & watch out, hacker's may be using your microphone to steal your data!
Plus a packed roundup, your feedback & so much more!1:07:03no<p>The details on the latest WordPress vulnerability, then the surprising, or perhaps not so surprising takeover of a cybersecurity firms website &amp; watch out, hacker's may be using your microphone to steal your data!</p>
<p>Plus a packed roundup, your feedback &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/gzqsFNUd1PU" height="1" width="1" alt="">
The details on the latest WordPress vulnerability, then the surprising, or perhaps not so surprising takeover of a cybersecurity firms website & watch out, hacker's may be using your microphone to steal your data!

Plus a packed roundup, your feedback & so much more!

]]>
The details on the latest WordPress vulnerability, then the surprising, or perhaps not so surprising takeover of a cybersecurity firms website & watch out, hacker's may be using your microphone to steal your data!

Plus a packed roundup, your feedback & so much more!

]]>
Episode 306: Metadata Matters | TechSNAP 306https://techsnap.systems/306
810F2BA3-6C7E-4C4D-A2DF-10C715D049D4Wed, 15 Feb 2017 00:11:40 -0800Jupiter BroadcastingfullJupiter BroadcastingThe latest on just who has access to your private email, Dan dives deep on the GitLab Postmortem & did you know that Transport for London has been tracking your wifi? We’ve got the details.
Plus a packed roundup, your feedback & so much more!1:57:38no<p>The latest on just who has access to your private email, Dan dives deep on the GitLab Postmortem &amp; did you know that Transport for London has been tracking your wifi? We’ve got the details.</p>
<p>Plus a packed roundup, your feedback &amp; so much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/sKiDHtkBNsg" height="1" width="1" alt="">
The latest on just who has access to your private email, Dan dives deep on the GitLab Postmortem & did you know that Transport for London has been tracking your wifi? We’ve got the details.

Plus a packed roundup, your feedback & so much more!

]]>
The latest on just who has access to your private email, Dan dives deep on the GitLab Postmortem & did you know that Transport for London has been tracking your wifi? We’ve got the details.

Note: This is a shorter episode because the hosts are new and the first recording was also a double episode recording, expect them to get longer as the guys get more comfortable!

]]>
Episode 301: The Next Generation | TechSNAP 301https://techsnap.systems/301
2E9AD9A8-0001-45FE-8D87-0EE2A6097784Tue, 10 Jan 2017 21:22:09 -0800Jupiter BroadcastingfullJupiter BroadcastingMalware that evades blocking systems and getting into BSD for the first time.
Plus a fresh round up, your questions & much, much more!38:58no<p>Malware that evades blocking systems and getting into BSD for the first time.</p>
<p>Plus a fresh round up, your questions &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/7olqcLTqpkw" height="1" width="1" alt="">
Malware that evades blocking systems and getting into BSD for the first time.

Plus a fresh round up, your questions & much, much more!

]]>
Malware that evades blocking systems and getting into BSD for the first time.

Plus a fresh round up, your questions & much, much more!

]]>
Episode 300: 2089 Days Uptime | TechSNAP 300https://techsnap.systems/300
85B9FE8E-BBE5-4743-A6E4-DE1843D9C31FThu, 05 Jan 2017 21:11:40 -0800Jupiter BroadcastingfullJupiter BroadcastingHow the hack of DigiNotar changed the infrastructure of the Internet forever, changing the way we think about security & how to hide malware in a PNG.
Plus a packed round up, great emails & more in a packed 300th episode!2:13:06no<p>How the hack of DigiNotar changed the infrastructure of the Internet forever, changing the way we think about security &amp; how to hide malware in a PNG.</p>
<p>Plus a packed round up, great emails &amp; more in a packed 300th episode!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/50YQDo15-4k" height="1" width="1" alt="">
How the hack of DigiNotar changed the infrastructure of the Internet forever, changing the way we think about security & how to hide malware in a PNG.

Plus a packed round up, great emails & more in a packed 300th episode!

]]>
How the hack of DigiNotar changed the infrastructure of the Internet forever, changing the way we think about security & how to hide malware in a PNG.

Plus a packed round up, great emails & more in a packed 300th episode!

]]>
Episode 299: Fancy Bear Misfire.apk | TechSNAP 299https://techsnap.systems/299
B1B837EA-5074-42D0-A1D7-FBD3FF7BF2F6Thu, 29 Dec 2016 18:44:14 -0800Jupiter BroadcastingfullJupiter BroadcastingPHPMailer puts almost every PHP CMS at risk, the Fancy Bear Android Malware that has a complicated past & the new botnet that likes brag.
Plus great questions, a packed round up & much, much more!1:33:10no<p>PHPMailer puts almost every PHP CMS at risk, the Fancy Bear Android Malware that has a complicated past &amp; the new botnet that likes brag.</p>
<p>Plus great questions, a packed round up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/8RMYiSLdDX8" height="1" width="1" alt="">
PHPMailer puts almost every PHP CMS at risk, the Fancy Bear Android Malware that has a complicated past & the new botnet that likes brag.

Plus great questions, a packed round up & much, much more!

]]>
PHPMailer puts almost every PHP CMS at risk, the Fancy Bear Android Malware that has a complicated past & the new botnet that likes brag.

Plus great questions, a packed round up & much, much more!

]]>
Episode 298: Best of 2016 | TechSNAP 298https://techsnap.systems/298
E96BEA4A-083E-44F0-96C7-FC1902C25D99Thu, 22 Dec 2016 10:40:03 -0800Jupiter BroadcastingfullJupiter BroadcastingWe've given the Jupiter Broadcasting staff the holidays off, so lets take this moment to have a look back at some of the best moments of TechSNAP in 2016!1:30:20noWe've given the Jupiter Broadcasting staff the holidays off, so lets take this moment to have a look back at some of the best moments of TechSNAP in 2016!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/rSRfp3Bb8_I" height="1" width="1" alt="">
We've given the Jupiter Broadcasting staff the holidays off, so lets take this moment to have a look back at some of the best moments of TechSNAP in 2016!]]>
We've given the Jupiter Broadcasting staff the holidays off, so lets take this moment to have a look back at some of the best moments of TechSNAP in 2016!]]>
Episode 297: The Bourne Avalanche | TechSNAP 297https://techsnap.systems/297
C2DE5F02-1932-4829-BC76-B930758F70F7Thu, 15 Dec 2016 20:19:25 -0800Jupiter BroadcastingfullJupiter BroadcastingThe Malvertising campaign that targets routers, script kiddies get a talking to & the Avalanche crime ringleader is on the run.
Plus your questions, a packed round up & more!1:33:04no<p>The Malvertising campaign that targets routers, script kiddies get a talking to &amp; the Avalanche crime ringleader is on the run.</p>
<p>Plus your questions, a packed round up &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/m8QbYtkLvIM" height="1" width="1" alt="">
The Malvertising campaign that targets routers, script kiddies get a talking to & the Avalanche crime ringleader is on the run.

Plus your questions, a packed round up & more!

]]>
The Malvertising campaign that targets routers, script kiddies get a talking to & the Avalanche crime ringleader is on the run.

]]>
Episode 294: Turkey.deb | TechSNAP 294https://techsnap.systems/294
146347C0-20FF-47A2-9368-F6CF459DABEEThu, 24 Nov 2016 18:37:07 -0800Jupiter BroadcastingfullJupiter BroadcastingThe Debian packaging flaw that exposes your server, we go over the state of the Internet... report that is & hacking 27% of the web.
Plus some great questions, a fantastic round up & much, much more!1:32:36no<p>The Debian packaging flaw that exposes your server, we go over the state of the Internet... report that is &amp; hacking 27% of the web.</p>
<p>Plus some great questions, a fantastic round up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/ngJNQ5IbVEY" height="1" width="1" alt="">
The Debian packaging flaw that exposes your server, we go over the state of the Internet... report that is & hacking 27% of the web.

Plus some great questions, a fantastic round up & much, much more!

]]>
The Debian packaging flaw that exposes your server, we go over the state of the Internet... report that is & hacking 27% of the web.

]]>
We go deep into sophisticated modular malware & meet the manufacturer who vows to recall their IoT devices used in recent attacks.

Plus home server questions, a fun round-up & more!

]]>
Episode 290: Internet Snow Day | TechSNAP 290https://techsnap.systems/290
131ECEB0-9245-4405-83DA-CBF93D98035DThu, 27 Oct 2016 17:27:33 -0700Jupiter BroadcastingfullJupiter BroadcastingA large managed DNS provider was taken down by a DDoS, we'll tell you all about Dyn’s big outage.
Then we beat the dead dirty CoW, answer your questions, a breaking news round up & more!1:23:13no<p>A large managed DNS provider was taken down by a DDoS, we'll tell you all about Dyn’s big outage.</p>
<p>Then we beat the dead dirty CoW, answer your questions, a breaking news round up &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/L1tpQJqXstE" height="1" width="1" alt="">
A large managed DNS provider was taken down by a DDoS, we'll tell you all about Dyn’s big outage.

]]>
Episode 289: Long Broken SSL History | TechSNAP 289https://techsnap.systems/289
17E570EE-C1C8-4E65-AFAE-DA96F0F85F6AFri, 21 Oct 2016 00:25:01 -0700Jupiter BroadcastingfullJupiter BroadcastingSpreading the DDoS Disease & selling the cure, we have the audit results of TrueCrypt’s replacement & a comprehensive history of the most important events that shaped the SSL ecosystem.
Plus your great questions, our answers & much... Much MORE!2:41:38no<p>Spreading the DDoS Disease &amp; selling the cure, we have the audit results of TrueCrypt’s replacement &amp; a comprehensive history of the most important events that shaped the SSL ecosystem.</p>
<p>Plus your great questions, our answers &amp; much... Much MORE!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/sWxaUvK_hsA" height="1" width="1" alt="">
Spreading the DDoS Disease & selling the cure, we have the audit results of TrueCrypt’s replacement & a comprehensive history of the most important events that shaped the SSL ecosystem.

Plus your great questions, our answers & much... Much MORE!

]]>
Spreading the DDoS Disease & selling the cure, we have the audit results of TrueCrypt’s replacement & a comprehensive history of the most important events that shaped the SSL ecosystem.

Plus your great questions, our answers & much... Much MORE!

]]>
Episode 288: Internet of Default Passwords | TechSNAP 288https://techsnap.systems/288
8316F4C4-F280-4102-82B7-BBF3DB55D833Fri, 14 Oct 2016 01:48:55 -0700Jupiter BroadcastingfullJupiter BroadcastingThe Internet of Things is the Internet of Terrible, we’ll round up the week’s stories & submit the TechSNAP solution to you the audience. Plus the security cost of Android fragmentation, great questions & a packed round up!1:40:03noThe Internet of Things is the Internet of Terrible, we’ll round up the week’s stories &amp; submit the TechSNAP solution to you the audience. Plus the security cost of Android fragmentation, great questions &amp; a packed round up!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/VHEyuogMSVs" height="1" width="1" alt="">
The Internet of Things is the Internet of Terrible, we’ll round up the week’s stories & submit the TechSNAP solution to you the audience. Plus the security cost of Android fragmentation, great questions & a packed round up!]]>
The Internet of Things is the Internet of Terrible, we’ll round up the week’s stories & submit the TechSNAP solution to you the audience. Plus the security cost of Android fragmentation, great questions & a packed round up!]]>
Episode 287: Open Source Botnet | TechSNAP 287https://techsnap.systems/287
64B3770B-51AD-424A-9989-0395D94E62DFThu, 06 Oct 2016 21:21:31 -0700Jupiter BroadcastingfullJupiter BroadcastingThe Source code for a historic botnet has been released, the tale of a DNS packet & four ways to hack ATMs.
Plus your hard questions, our answers, a rockin' roundup & more!2:12:58no<p>The Source code for a historic botnet has been released, the tale of a DNS packet &amp; four ways to hack ATMs.</p>
<p>Plus your hard questions, our answers, a rockin' roundup &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/rLF3tNuCJKA" height="1" width="1" alt="">
The Source code for a historic botnet has been released, the tale of a DNS packet & four ways to hack ATMs.

Plus your hard questions, our answers, a rockin' roundup & more!

]]>
The Source code for a historic botnet has been released, the tale of a DNS packet & four ways to hack ATMs.

Plus your hard questions, our answers, a rockin' roundup & more!

]]>
Episode 286: Botnet of Things | TechSNAP 286https://techsnap.systems/286
504CC113-DF48-4DEC-8367-866CAE58F9C0Thu, 29 Sep 2016 20:15:58 -0700Jupiter BroadcastingfullJupiter BroadcastingKrebs is hit with DDoS attack & then gets kicked off of Akamai. We’ll tell you about the record breaking details, Firefox puts it foot down, picking NFS or Samba…
Your questions, our answers, a packed Round Up & much more!2:06:57no<p>Krebs is hit with DDoS attack &amp; then gets kicked off of Akamai. We’ll tell you about the record breaking details, Firefox puts it foot down, picking NFS or Samba…</p>
<p>Your questions, our answers, a packed Round Up &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/aMoPTGlqitc" height="1" width="1" alt="">
Krebs is hit with DDoS attack & then gets kicked off of Akamai. We’ll tell you about the record breaking details, Firefox puts it foot down, picking NFS or Samba…

Your questions, our answers, a packed Round Up & much more!

]]>
Krebs is hit with DDoS attack & then gets kicked off of Akamai. We’ll tell you about the record breaking details, Firefox puts it foot down, picking NFS or Samba…

]]>
The FBI arrests the script kiddies that hacked the CIA director, how Dropbox hacks your Mac & the guys behind a DDoS for hire service get busted.

Plus great questions, our answers, a rockin roundup & more!

]]>
Episode 284: Buffalo Overflow | TechSNAP 284https://techsnap.systems/284
310BA38B-1547-4377-894E-DB5C6447A330Thu, 15 Sep 2016 17:28:09 -0700Jupiter BroadcastingfullJupiter BroadcastingMassive drive failures after a datacenter gas attack. A critical MySQL vulnerability you should know about & is Cisco responsible for the death of an MMO?
Plus great questions, our answers & much more!1:17:52no<p>Massive drive failures after a datacenter gas attack. A critical MySQL vulnerability you should know about &amp; is Cisco responsible for the death of an MMO?</p>
<p>Plus great questions, our answers &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/AsHgjIOADPg" height="1" width="1" alt="">
Massive drive failures after a datacenter gas attack. A critical MySQL vulnerability you should know about & is Cisco responsible for the death of an MMO?

Plus great questions, our answers & much more!

]]>
Massive drive failures after a datacenter gas attack. A critical MySQL vulnerability you should know about & is Cisco responsible for the death of an MMO?

Plus great questions, our answers & much more!

]]>
Episode 283: I Can't Believe It's Not Ethernet | TechSNAP 283https://techsnap.systems/283
A80CEF4B-1B87-4630-9618-9F34AA0BBF98Thu, 08 Sep 2016 21:00:07 -0700Jupiter BroadcastingfullJupiter BroadcastingHow a modified USB ethernet adapter can steal credentials, a new compression algorithm from Facebook that might be legit & the terrible terrible security of a consumer NAS.
Plus great questions, our answers, a fun roundup & much, much more!1:23:38no<p>How a modified USB ethernet adapter can steal credentials, a new compression algorithm from Facebook that might be legit &amp; the terrible terrible security of a consumer NAS.</p>
<p>Plus great questions, our answers, a fun roundup &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/N3o48xyM7ZM" height="1" width="1" alt="">
How a modified USB ethernet adapter can steal credentials, a new compression algorithm from Facebook that might be legit & the terrible terrible security of a consumer NAS.

Plus great questions, our answers, a fun roundup & much, much more!

]]>
How a modified USB ethernet adapter can steal credentials, a new compression algorithm from Facebook that might be legit & the terrible terrible security of a consumer NAS.

]]>
Why the Internet needs it’s own version of cancer researchers, bypassing chip and pin protections & the 2016 Pwnie Awards from Blackhat!

Plus your questions, our answers & much, much more!

]]>
Episode 278: Dangerous Dangling Quotes | TechSNAP 278https://techsnap.systems/278
2EF103D3-0DDC-4F7D-8BFC-32BFAF344BE7Thu, 04 Aug 2016 18:48:29 -0700Jupiter BroadcastingfullJupiter BroadcastingHow to get an SSL certificate for other people's domains, how to decrypt HTTPS traffic with some javascript & the latest storage reliability report.
Plus great questions & a rocking round up!1:32:09no<p>How to get an SSL certificate for other people's domains, how to decrypt HTTPS traffic with some javascript &amp; the latest storage reliability report.</p>
<p>Plus great questions &amp; a rocking round up!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/P9JfZMZtbSs" height="1" width="1" alt="">
How to get an SSL certificate for other people's domains, how to decrypt HTTPS traffic with some javascript & the latest storage reliability report.

Plus great questions & a rocking round up!

]]>
How to get an SSL certificate for other people's domains, how to decrypt HTTPS traffic with some javascript & the latest storage reliability report.

Plus great questions & a rocking round up!

]]>
Episode 277: Internet Power Struggle | TechSNAP 277https://techsnap.systems/277
1515255F-DBC6-42A1-97AB-B6334F511231Thu, 28 Jul 2016 22:55:15 -0700Jupiter BroadcastingfullJupiter BroadcastingWe’re in an epic battle for power in cyberspace & Bruce Schneier breaks it down. PHP gets broken, PornHub gets hacked & the disgruntled employee who wiped the router configs on his way out the door.
Plus great emails, a packed round up & more!1:29:27no<p>We’re in the middle of an epic battle for power in cyberspace &amp; Bruce Schneier breaks it down. PHP gets broken, PornHub gets hacked &amp; the disgruntled employee who wiped the router configs on his way out the door.</p>
<p>Plus great emails, a packed round up &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/5DiTdvqg6qA" height="1" width="1" alt="">
We’re in the middle of an epic battle for power in cyberspace & Bruce Schneier breaks it down. PHP gets broken, PornHub gets hacked & the disgruntled employee who wiped the router configs on his way out the door.

Plus great emails, a packed round up & more!

]]>
We’re in the middle of an epic battle for power in cyberspace & Bruce Schneier breaks it down. PHP gets broken, PornHub gets hacked & the disgruntled employee who wiped the router configs on his way out the door.

Your great questions, our answers, a packed round up & much, much more!

]]>
Episode 271: Apple Pretend Filesystem | TechSNAP 271https://techsnap.systems/271
617BF5EE-4D50-4FB3-9A41-644F49D3B307Thu, 16 Jun 2016 19:51:16 -0700Jupiter BroadcastingfullJupiter BroadcastingWhy didn’t Apple choose ZFS for its new filesystem? We journey through the long history of ZFS at Apple. Plus how the BadTunnel bug can hijack traffic from all versions of Windows & should we worry about Intel’s management tech & much more!1:58:25no<p>Why didn’t Apple choose ZFS for its new filesystem? We journey through the long history of ZFS at Apple. Plus how the BadTunnel bug can hijack traffic from all versions of Windows &amp; should we worry about Intel’s management tech? </p>
<p>Plus great questions, a huge round up &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/ao8y9rYIvyU" height="1" width="1" alt="">
Why didn’t Apple choose ZFS for its new filesystem? We journey through the long history of ZFS at Apple. Plus how the BadTunnel bug can hijack traffic from all versions of Windows & should we worry about Intel’s management tech?

Plus great questions, a huge round up & much more!

]]>
Why didn’t Apple choose ZFS for its new filesystem? We journey through the long history of ZFS at Apple. Plus how the BadTunnel bug can hijack traffic from all versions of Windows & should we worry about Intel’s management tech?

]]>
The bloatware shipping on those new computers is way, way worse than you probably thought, Internet exposed printers & the thrilling story of reverse engineering an ATM skimmer. Yes that’s really a thing.

Plus great questions, our answers & more!

]]>
Episode 269: 10,000 Cables Under the Sea | TechSNAP 269https://techsnap.systems/269
73E04878-85C4-4346-A675-A90A29838B55Thu, 02 Jun 2016 17:24:00 -0700Jupiter BroadcastingfullJupiter BroadcastingWindows exploits for sale at a great price, how the Internet works, yes, seriously & it's awesome!
Plus we solve some of your problems, a great roundup & more!1:41:27no<p>Windows exploits for sale at a great price, how the Internet works, yes, seriously &amp; it's awesome!</p>
<p>Plus we solve some of your problems, a great roundup &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/BZHz-juFw2E" height="1" width="1" alt="">
Windows exploits for sale at a great price, how the Internet works, yes, seriously & it's awesome!

Plus we solve some of your problems, a great roundup & more!

]]>
Windows exploits for sale at a great price, how the Internet works, yes, seriously & it's awesome!

]]>
A critical flaw in that bit of software tucked far far away that you never think about… Until now, we explain why ImageTragick is a pain. More OpenSSL flaws & fraudsters stealing tax data from the motherload.

Plus great questions, our answers, a packed Round up & more!

]]>
Episode 264: On Target | TechSNAP 264https://techsnap.systems/264
EBDB5A6E-41E3-4DA4-84CC-37D4CCF8336EThu, 28 Apr 2016 06:58:28 -0700Jupiter BroadcastingfullJupiter BroadcastingThis week, Chris & allan are both out of town at different shenanigans, but they recorded a sneaky episode for you in which they recap the Target breach, from when the news broke to the lessons learned and everything in between!1:26:15noThis week, Chris &amp; allan are both out of town at different shenanigans, but they recorded a sneaky episode for you in which they recap the Target breach, from when the news broke to the lessons learned and everything in between!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/px7j_2KYSkw" height="1" width="1" alt="">
This week, Chris & allan are both out of town at different shenanigans, but they recorded a sneaky episode for you in which they recap the Target breach, from when the news broke to the lessons learned and everything in between!]]>
This week, Chris & allan are both out of town at different shenanigans, but they recorded a sneaky episode for you in which they recap the Target breach, from when the news broke to the lessons learned and everything in between!]]>
Episode 263: One Key to Rule Them All | TechSNAP 263https://techsnap.systems/263
0638D7DB-515E-449C-AF1B-B584DC5595F7Thu, 21 Apr 2016 11:44:47 -0700Jupiter BroadcastingfullJupiter BroadcastingThis week, the FBI says APT6 has pawned the government for the last 5 years, Unaoil: a company that's bribing the world & Researchers find a flaw in the visa database.
All that plus a packed feedback, roundup & more!1:10:36no<p>This week, the FBI says APT6 has pawned the government for the last 5 years, Unaoil: a company that's bribing the world &amp; Researchers find a flaw in the visa database.</p>
<p>All that plus a packed feedback, roundup &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/Wm_FBMQWBlY" height="1" width="1" alt="">
This week, the FBI says APT6 has pawned the government for the last 5 years, Unaoil: a company that's bribing the world & Researchers find a flaw in the visa database.

All that plus a packed feedback, roundup & more!

]]>
This week, the FBI says APT6 has pawned the government for the last 5 years, Unaoil: a company that's bribing the world & Researchers find a flaw in the visa database.

All that plus a packed feedback, roundup & more!

]]>
Episode 262: rm -rf $ALLTHETHINGS/ | TechSNAP 262https://techsnap.systems/262
AC85D9F6-AFB1-40D1-BABB-F98206303C36Thu, 14 Apr 2016 19:38:34 -0700Jupiter BroadcastingfullJupiter BroadcastingFind out why everyone's disappointed in Badlock, the bad security that could be connected to the Panama Papers leak & a simple delete command that took out an entire hosting provider.
Plus your batch of networking questions, a packed round up & more!1:36:36no<p>Find out why everyone's just a little disappointed in Badlock, the bad security that could be connected to the Panama Papers leak &amp; the story of a simple delete command that took out an entire hosting provider.</p>
<p>Plus your batch of networking questions, our answers &amp; a packed round up!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/h9MFm88IOPs" height="1" width="1" alt="">
Find out why everyone's just a little disappointed in Badlock, the bad security that could be connected to the Panama Papers leak & the story of a simple delete command that took out an entire hosting provider.

]]>
Find out why everyone's just a little disappointed in Badlock, the bad security that could be connected to the Panama Papers leak & the story of a simple delete command that took out an entire hosting provider.

]]>
Episode 261: Holding Hospitals Hostage | TechSNAP 261https://techsnap.systems/261
03421C0F-687D-4656-8E8C-0705E6374D57Thu, 07 Apr 2016 09:51:27 -0700Jupiter BroadcastingfullJupiter BroadcastingFind out about another hospital that accidentally took advantage of free encryption, researchers turn up a DDoS on the root DNS servers & the password test you never want to take.
Plus your batch of networking questions, our answers & a packed round up!1:13:50no<p>Find out about another hospital that accidentally took advantage of free encryption, researchers turn up a DDoS on the root DNS servers &amp; the password test you never want to take.</p>
<p>Plus your batch of networking questions, our answers &amp; a packed round up!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/qRhbOMHUk1g" height="1" width="1" alt="">
Find out about another hospital that accidentally took advantage of free encryption, researchers turn up a DDoS on the root DNS servers & the password test you never want to take.

]]>
Episode 260: Pay to Boot | TechSNAP 260https://techsnap.systems/260
8DA3642C-1DEC-4279-873D-2B2F3BA8273FThu, 31 Mar 2016 16:03:26 -0700Jupiter BroadcastingfullJupiter BroadcastingNew Ransomware locks your bootloader & makes you pay to boot. Malware with built in DRM? We’ll share the story of this clever hack.
Plus some great questions, our answers, a packed round up & more!1:13:12no<p>New Ransomware locks your bootloader &amp; makes you pay to boot. Malware with built in DRM? We’ll share the story of this clever hack.</p>
<p>Plus some great questions, our answers, a packed round up &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/aH9Eab73uN8" height="1" width="1" alt="">
New Ransomware locks your bootloader & makes you pay to boot. Malware with built in DRM? We’ll share the story of this clever hack.

Plus some great questions, our answers, a packed round up & more!

]]>
New Ransomware locks your bootloader & makes you pay to boot. Malware with built in DRM? We’ll share the story of this clever hack.

Plus some great questions, our answers, a packed round up & more!

]]>
Episode 259: Can You Hack Me Now? | TechSNAP 259https://techsnap.systems/259
2F7CB58D-906F-4E8C-872C-7A9C53FF64F6Thu, 24 Mar 2016 18:54:15 -0700Jupiter BroadcastingfullJupiter BroadcastingVerizon Enterprise gets breached & the irony is strong with this one, details on the NPM fiasco & why the SAMSAM is holding up the doctor.
Plus some great questions, a packed round up & much, much more!1:30:41no<p>Verizon Enterprise gets breached &amp; the irony is strong with this one, details on the NPM fiasco &amp; why the SAMSAM is holding up the doctor.</p>
<p>Plus some great questions, a packed round up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/c695e4HAvuY" height="1" width="1" alt="">
Verizon Enterprise gets breached & the irony is strong with this one, details on the NPM fiasco & why the SAMSAM is holding up the doctor.

Plus some great questions, a packed round up & much, much more!

]]>
Verizon Enterprise gets breached & the irony is strong with this one, details on the NPM fiasco & why the SAMSAM is holding up the doctor.

Plus great questions, our answers, a rocking round up & much, much more!

]]>
Episode 257: Fixing the Barn Door | TechSNAP 257https://techsnap.systems/257
34553705-77CE-4E4D-B335-C78B5D2C301FThu, 10 Mar 2016 10:04:14 -0800Jupiter BroadcastingfullJupiter BroadcastingWe’ll tell you about the real world pirates that hacked a shipping company, the open source libraries from Mars Rover found being used in malware & Microsoft’s solution for that after-hack hangover.
Plus great questions, a packed round up & much more!1:20:48no<p>We’ll tell you about the real world pirates that hacked a shipping company, the open source libraries from Mars Rover found being used in malware &amp; Microsoft’s solution for that after-hack hangover.</p>
<p>Plus great questions, a packed round up &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/NCirm5W92pc" height="1" width="1" alt="">
We’ll tell you about the real world pirates that hacked a shipping company, the open source libraries from Mars Rover found being used in malware & Microsoft’s solution for that after-hack hangover.

Plus great questions, a packed round up & much more!

]]>
We’ll tell you about the real world pirates that hacked a shipping company, the open source libraries from Mars Rover found being used in malware & Microsoft’s solution for that after-hack hangover.

Plus great questions, a packed round up & much more!

]]>
Episode 256: Open Server Sadness Layer | TechSNAP 256https://techsnap.systems/256
4D9C42DA-4C75-4595-9DF6-FBF9272371C0Thu, 03 Mar 2016 17:22:59 -0800Jupiter BroadcastingfullJupiter BroadcastingOpenSSL issues a major security advisory, we break down the important details, then go in depth on the real world impact of these flaws.
Plus some great storage and networking question, a packed round up &amp; much, much more!1:50:11no<p>OpenSSL issues a major security advisory, we break down the important details, then go in depth on the real world impact of these flaws.</p>
<p>Plus some great storage and networking question, a packed round up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/jDXUGw4LqTE" height="1" width="1" alt="">
OpenSSL issues a major security advisory, we break down the important details, then go in depth on the real world impact of these flaws.

Plus some great storage and networking question, a packed round up & much, much more!

]]>
OpenSSL issues a major security advisory, we break down the important details, then go in depth on the real world impact of these flaws.

Plus some great storage and networking question, a packed round up & much, much more!

]]>
Episode 255: Dip the Chip | TechSNAP 255https://techsnap.systems/255
07CB06D7-4A48-4B84-8C8E-FFD91E007F59Thu, 25 Feb 2016 17:50:44 -0800Jupiter BroadcastingfullJupiter BroadcastingWhat’s taking the states so long to catch up to the rest of the civilized world and dip the chip? Turns out it's really complicated, we explain. Plus keeping a Hospital secure is much more than following HIPAA, and an analysis of Keybase malware.1:38:29no<p>What’s taking the states so long to catch up to the rest of the civilized world and dip the chip? Turns out it's really complicated, we explain. Plus keeping a Hospital secure is much more than following HIPAA, and an analysis of Keybase malware.</p>
<p>Plus great questions, our answers, and much much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/64quK-ElMJg" height="1" width="1" alt="">
What’s taking the states so long to catch up to the rest of the civilized world and dip the chip? Turns out it's really complicated, we explain. Plus keeping a Hospital secure is much more than following HIPAA, and an analysis of Keybase malware.

Plus great questions, our answers, and much much more!

]]>
What’s taking the states so long to catch up to the rest of the civilized world and dip the chip? Turns out it's really complicated, we explain. Plus keeping a Hospital secure is much more than following HIPAA, and an analysis of Keybase malware.

Plus great questions, our answers, and much much more!

]]>
Episode 254: Weaponized Comic Sans | TechSNAP 254https://techsnap.systems/254
2E261630-4906-47E5-BD8B-F8BA29ED527CThu, 18 Feb 2016 19:02:46 -0800Jupiter BroadcastingfullJupiter BroadcastingA common vulnerability is impacting Firefox, LibreOffice, and others, the 7 problems with ATM security, and the Enterprise grade protection defeated with a batch script.
Plus some great questions, our answers, a rockin roundup, and much much more!1:37:15no<p>A common vulnerability is impacting Firefox, LibreOffice, and others, the 7 problems with ATM security, and the Enterprise grade protection defeated with a batch script.</p>
<p>Plus some great questions, our answers, a rockin roundup, and much much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/u9ObBaGwdRQ" height="1" width="1" alt="">
A common vulnerability is impacting Firefox, LibreOffice, and others, the 7 problems with ATM security, and the Enterprise grade protection defeated with a batch script.

Plus some great questions, our answers, a rockin roundup, and much much more!

]]>
A common vulnerability is impacting Firefox, LibreOffice, and others, the 7 problems with ATM security, and the Enterprise grade protection defeated with a batch script.

Plus some great questions, our answers, a rockin roundup, and much much more!

Plus great questions, our answers, a rockin round up & much, much more!

]]>
A new openSSL exploit, cyber security firm Norse implodes & the Windows Hot Potato flaw that’s been around for over a decade.

Plus great questions, our answers, a rockin round up & much, much more!

]]>
Episode 251: A Look Back On Feedback | TechSNAP 251https://techsnap.systems/251
6F986195-83BB-4135-9F4A-AE4814155B8DThu, 28 Jan 2016 08:10:18 -0800Jupiter BroadcastingfullJupiter BroadcastingSince Allan is off being fancy at FOSDEM, we decided that now would be a good time to celebrate the audience & feature some of the best feedback we've had over the years!1:20:32noSince Allan is off being fancy at FOSDEM, we decided that now would be a good time to celebrate the audience &amp; feature some of the best feedback we've had over the years!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/e2--FgT9-D8" height="1" width="1" alt="">
Since Allan is off being fancy at FOSDEM, we decided that now would be a good time to celebrate the audience & feature some of the best feedback we've had over the years!]]>
Since Allan is off being fancy at FOSDEM, we decided that now would be a good time to celebrate the audience & feature some of the best feedback we've had over the years!]]>
Episode 250: Lights out Management | TechSNAP 250https://techsnap.systems/250
ED2E54C4-4762-4C5B-8A34-0D52D895DF46Thu, 21 Jan 2016 10:10:51 -0800Jupiter BroadcastingfullJupiter BroadcastingThe bizarre saga of Juniper maybe finally be coming to a conclusion, details about SLOTH, the latest SSL vulnerability that also affects IPSec and SSH & the attack on the Ukrainian power grid made possible by malware & much more!1:13:31no<p>The bizarre saga of Juniper maybe finally be coming to a conclusion, details about SLOTH, the latest SSL vulnerability that also affects IPSec and SSH &amp; the attack on the Ukrainian power grid made possible by malware.</p>
<p>Plus your questions with a special theme, a rockin roundup &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/4d313fFp7mw" height="1" width="1" alt="">
The bizarre saga of Juniper maybe finally be coming to a conclusion, details about SLOTH, the latest SSL vulnerability that also affects IPSec and SSH & the attack on the Ukrainian power grid made possible by malware.

Plus your questions with a special theme, a rockin roundup & much more!

]]>
The bizarre saga of Juniper maybe finally be coming to a conclusion, details about SLOTH, the latest SSL vulnerability that also affects IPSec and SSH & the attack on the Ukrainian power grid made possible by malware.

Plus your questions with a special theme, a rockin roundup & much more!

]]>
A Critical OpenSSH flaw can expose your private keys, a new WiFi spec for IoT devices, that has all the classic issues & Intel’s SkyLake bug.

Plus your feedback, our answers, a rockin’ round up & so much more!

]]>
Episode 248: Virtual Private Surveillance | TechSNAP 248https://techsnap.systems/248
2741557E-BB94-4D1B-B064-44185D0FFD3FThu, 07 Jan 2016 19:23:36 -0800Jupiter BroadcastingfullJupiter BroadcastingWe break down the Bicycle attack against SSL, the story of Brian Krebs’s PayPal account getting backed & the scoop on the Juniper Saga.
Plus some great questions, our answers, a news breaking round up & much more!1:36:52no<p>We break down the Bicycle attack against SSL, the story of Brian Krebs’s PayPal account getting backed &amp; the scoop on the Juniper Saga.</p>
<p>Plus some great questions, our answers, a news breaking round up &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/OBPncsWMCao" height="1" width="1" alt="">
We break down the Bicycle attack against SSL, the story of Brian Krebs’s PayPal account getting backed & the scoop on the Juniper Saga.

Plus some great questions, our answers, a news breaking round up & much more!

]]>
We break down the Bicycle attack against SSL, the story of Brian Krebs’s PayPal account getting backed & the scoop on the Juniper Saga.

Plus some great questions, our answers, a news breaking round up & much more!

]]>
Episode 247: Snappy New Year! | TechSNAP 247https://techsnap.systems/247
A79A834F-8C9D-48E2-AB06-448686D45C3CThu, 31 Dec 2015 08:13:45 -0800Jupiter BroadcastingfullJupiter BroadcastingWe take a look back at some of the big stories of 2015, at least, as we see it.
Plus the round up & more!2:13:19no<p>We take a look back at some of the big stories of 2015, at least, as we see it.</p>
<p>Plus the round up &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/ACN-V1nEZm8" height="1" width="1" alt="">
We take a look back at some of the big stories of 2015, at least, as we see it.

Plus the round up & more!

]]>
We take a look back at some of the big stories of 2015, at least, as we see it.

]]>
Meet BOOTTRASH the Malware that executes before your OS does, the hard questions you need to ask when buying a security appliance, Project Zero finds flaws in Fireeye hardware.

Plus some great audience questions, a big round up & much, much more!

]]>
Episode 244: Finding Nakamoto | TechSNAP 244https://techsnap.systems/244
75758C04-1396-473F-B390-9583356891C8Thu, 10 Dec 2015 20:00:22 -0800Jupiter BroadcastingfullJupiter BroadcastingBitcoin’s creator has been found again, we’ll cover what the media thinks they’ve figured out & what we really know.
Then, 'In Patches We Trust: Why Security Updates have to get better', a great batch of questions, a huge round up & much more!1:55:57no<p>Bitcoin’s creator has been found again, we’ll cover what the media thinks they’ve figured out &amp; what we really know.</p>
<p>Then, 'In Patches We Trust: Why Security Updates have to get better', a great batch of questions, a huge round up &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/EJhIw41VRAE" height="1" width="1" alt="">
Bitcoin’s creator has been found again, we’ll cover what the media thinks they’ve figured out & what we really know.

Then, 'In Patches We Trust: Why Security Updates have to get better', a great batch of questions, a huge round up & much more!

]]>
Bitcoin’s creator has been found again, we’ll cover what the media thinks they’ve figured out & what we really know.

Then, 'In Patches We Trust: Why Security Updates have to get better', a great batch of questions, a huge round up & much more!

]]>
Episode 243: SpyFi Barbie | TechSNAP 243https://techsnap.systems/243
8D0ED3B6-C20B-428C-A8F3-DD6AEF209938Thu, 03 Dec 2015 18:50:21 -0800Jupiter BroadcastingfullJupiter BroadcastingThe US Government is offering free penetration tests, with a catch, we break down the VTech Breakin & the only sure way to protect your credit online.
Plus great questions, a big round up with breaking news & much more!1:35:56no<p>The US Government is offering free penetration tests, with a catch, we break down the VTech Breakin &amp; the only sure way to protect your credit online.</p>
<p>Plus great questions, a big round up with breaking news &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/213RrR1u5DA" height="1" width="1" alt="">
The US Government is offering free penetration tests, with a catch, we break down the VTech Breakin & the only sure way to protect your credit online.

Plus great questions, a big round up with breaking news & much more!

]]>
The US Government is offering free penetration tests, with a catch, we break down the VTech Breakin & the only sure way to protect your credit online.

Plus great questions, a big round up with breaking news & much more!

]]>
Episode 242: A Keyboard Walks into a Barcode | TechSNAP 242https://techsnap.systems/242
9C3CCEE5-FB23-4CF7-BA69-4FE3A769DAD0Thu, 26 Nov 2015 08:56:23 -0800Jupiter BroadcastingfullJupiter BroadcastingA research team finds various ways to attack LastPass, how to use a cocktail of current Android exploits to own a device & hacking a point of sale system using poisoned barcodes!
Plus some great questions, our answers, a rockin roundup & much, much more!1:20:00no<p>A research team finds various ways to attack LastPass, how to use a cocktail of current Android exploits to own a device &amp; hacking a point of sale system using poisoned barcodes!</p>
<p>Plus some great questions, our answers, a rockin roundup &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/ri4ZPsUa8gk" height="1" width="1" alt="">
A research team finds various ways to attack LastPass, how to use a cocktail of current Android exploits to own a device & hacking a point of sale system using poisoned barcodes!

Plus some great questions, our answers, a rockin roundup & much, much more!

]]>
A research team finds various ways to attack LastPass, how to use a cocktail of current Android exploits to own a device & hacking a point of sale system using poisoned barcodes!

Plus some great questions, our answers, a rockin roundup & much, much more!

]]>
Episode 241: Double ROT-13 | TechSNAP 241https://techsnap.systems/241
F523090D-1ED4-4AF8-A255-86A476B48AA0Thu, 19 Nov 2015 17:05:59 -0800Jupiter BroadcastingfullJupiter BroadcastingEncryption & privacy took quite a beating this week in the wake of the Paris attacks. We come to its defense. Your ISP heard you like backdoors, so they put a backdoor in your backdoor, the story of the social RAT & more!1:26:54noEncryption &amp; privacy took quite a beating this week in the wake of the Paris attacks. We come to its defense. Your ISP heard you like backdoors, so they put a backdoor in your backdoor, the story of the social RAT &amp; more!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/oho7WKbwUS0" height="1" width="1" alt="">
Encryption & privacy took quite a beating this week in the wake of the Paris attacks. We come to its defense. Your ISP heard you like backdoors, so they put a backdoor in your backdoor, the story of the social RAT & more!]]>
Encryption & privacy took quite a beating this week in the wake of the Paris attacks. We come to its defense. Your ISP heard you like backdoors, so they put a backdoor in your backdoor, the story of the social RAT & more!]]>
Episode 240: Zero-Days Of Our Lives | TechSNAP 240https://techsnap.systems/240
70C2B0BD-072A-4B74-AC91-7FA2156D91B1Thu, 12 Nov 2015 10:19:53 -0800Jupiter BroadcastingfullJupiter BroadcastingThe first remote administration trojan that targets Android, Linux, Mac and Windows. Joomla and vBulletin have major flaws & tips for protecting your online privacy from some very motivated public figures.
Plus great questions, a rockin' roundup & more!1:25:23no<p>The first remote administration trojan that targets Android, Linux, Mac and Windows. Joomla and vBulletin have major flaws &amp; tips for protecting your online privacy from some very motivated public figures.</p>
<p>Plus some great questions, a rockin' roundup &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/IoJXr5hiyUQ" height="1" width="1" alt="">
The first remote administration trojan that targets Android, Linux, Mac and Windows. Joomla and vBulletin have major flaws & tips for protecting your online privacy from some very motivated public figures.

Plus some great questions, a rockin' roundup & much, much more!

]]>
The first remote administration trojan that targets Android, Linux, Mac and Windows. Joomla and vBulletin have major flaws & tips for protecting your online privacy from some very motivated public figures.

Plus some great questions, a rockin' roundup & much, much more!

]]>
Episode 239: PLAID Falls Out of Fashion | TechSNAP 239https://techsnap.systems/239
C9434831-1151-4E4D-9694-7F9A094AD735Thu, 05 Nov 2015 07:51:13 -0800Jupiter BroadcastingfullJupiter BroadcastingCISA provides no solutions, just new excuses. The new Australian smartcard system is a total disaster & why Google’s URLs are so crazy.
Plus some great questions, our answers, a rockin' round up & much, much more!1:06:58no<p>CISA provides no solutions, just new excuses. The new Australian smartcard system is a total disaster &amp; why Google’s URLs are so crazy. </p>
<p>Plus some great questions, our answers, a rockin' round up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/qMizG8dhJL8" height="1" width="1" alt="">
CISA provides no solutions, just new excuses. The new Australian smartcard system is a total disaster & why Google’s URLs are so crazy.

Plus some great questions, our answers, a rockin' round up & much, much more!

]]>
CISA provides no solutions, just new excuses. The new Australian smartcard system is a total disaster & why Google’s URLs are so crazy.

Plus some great questions, our answers, a rockin' round up & much, much more!

Plus a great batch of your questions, a rocking round up & much, much more!

]]>
Episode 237: A Rip in NTP | TechSNAP 237https://techsnap.systems/237
ACC8B0E9-AFC0-408B-A791-93299836F904Thu, 22 Oct 2015 19:34:12 -0700Jupiter BroadcastingfullJupiter BroadcastingThe OpenZFS summit just wrapped up and Allan shares the exciting new features coming to the file system, researchers warn about flaws in NTP & of course we've got some critical patches.
Plus a great batch of questions, a rockin' round up & much more!2:05:42no<p>The OpenZFS summit just wrapped up and Allan shares the exciting new features coming to the file system, researchers warn about flaws in NTP &amp; of course we've got some critical patches.</p>
<p>Plus a great batch of questions, a rockin' round up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/gONiosdIHHw" height="1" width="1" alt="">
The OpenZFS summit just wrapped up and Allan shares the exciting new features coming to the file system, researchers warn about flaws in NTP & of course we've got some critical patches.

Plus a great batch of questions, a rockin' round up & much, much more!

]]>
The OpenZFS summit just wrapped up and Allan shares the exciting new features coming to the file system, researchers warn about flaws in NTP & of course we've got some critical patches.

Plus a great batch of questions, a rockin' round up & much, much more!

]]>
Episode 236: National Security Breaking Agency | TechSNAP 236https://techsnap.systems/236
785D8E9F-CBA3-4703-B5FD-E5E808071A3FThu, 15 Oct 2015 19:15:36 -0700Jupiter BroadcastingfullJupiter BroadcastingHow the NSA might be breaking Crypto, fresh zero day exploit against Flash with a twist & Keylogging before computers.
Plus a great batch of your questions, a rocking round-up & much more!1:51:02no<p>How the NSA might be breaking Crypto, fresh zero day exploit against Flash with a twist &amp; Keylogging before computers.</p>
<p>Plus a great batch of your questions, a rocking round-up &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/unjordjpII8" height="1" width="1" alt="">
How the NSA might be breaking Crypto, fresh zero day exploit against Flash with a twist & Keylogging before computers.

Plus a great batch of your questions, a rocking round-up & much more!

]]>
How the NSA might be breaking Crypto, fresh zero day exploit against Flash with a twist & Keylogging before computers.

]]>
Episode 230: Trojan Family Ties | TechSNAP 230https://techsnap.systems/230
BF9F8574-2B50-4F1A-BD7E-82BD9BFC1455Thu, 03 Sep 2015 07:37:57 -0700Jupiter BroadcastingfullJupiter BroadcastingRooting your Android device might be more dangerous than you realize, why the insurance industry will take over InfoSec & the NSA prepares for Quantum encryption.
Plus some great questions, a fantastic roundup & more!1:09:50no<p>Rooting your Android device might be more dangerous than you realize, why the insurance industry will take over InfoSec &amp; the NSA prepares for Quantum encryption.</p>
<p>Plus some great questions, a fantastic roundup &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/kkrz9S1rc0o" height="1" width="1" alt="">
Rooting your Android device might be more dangerous than you realize, why the insurance industry will take over InfoSec & the NSA prepares for Quantum encryption.

Plus some great questions, a fantastic roundup & more!

]]>
Rooting your Android device might be more dangerous than you realize, why the insurance industry will take over InfoSec & the NSA prepares for Quantum encryption.

Plus some great questions, a fantastic roundup & more!

]]>
Episode 229: Extortion Startups | TechSNAP 229https://techsnap.systems/229
ADCC8AAF-B246-48DC-AB8A-8392C83E4D55Thu, 27 Aug 2015 20:24:30 -0700Jupiter BroadcastingfullJupiter BroadcastingThe real fallout from the Ashley Madison hack gets personal. The Android StageFright patch that doesn’t cover all of the holes, and turning a KVM into a spying appliance.
Plus a great batch of questions, our answers, a rocking round up & more!1:44:24no<p>The real fallout from the Ashley Madison hack gets personal. The Android StageFright patch that doesn’t cover all of the holes, and turning a KVM into a spying appliance.</p>
<p>Plus a great batch of questions, our answers, and a rocking round up.</p>
<p>All that and a heck of a lot more on this week’s TechSNAP!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/3EOE4DyoxfM" height="1" width="1" alt="">
The real fallout from the Ashley Madison hack gets personal. The Android StageFright patch that doesn’t cover all of the holes, and turning a KVM into a spying appliance.

Plus a great batch of questions, our answers, and a rocking round up.

All that and a heck of a lot more on this week’s TechSNAP!

]]>
The real fallout from the Ashley Madison hack gets personal. The Android StageFright patch that doesn’t cover all of the holes, and turning a KVM into a spying appliance.

Plus a great batch of questions, our answers, and a rocking round up.

All that and a heck of a lot more on this week’s TechSNAP!

]]>
Episode 228: Export Grade Vulnerabilities | TechSNAP 228https://techsnap.systems/228
777466F2-F0F3-4569-9BF9-E8D3DA64DBD0Thu, 20 Aug 2015 10:03:43 -0700Jupiter BroadcastingfullJupiter BroadcastingLenovo & HP are caught injecting malware even after you format the drive, Ubiquiti Networks is socially engineered out of 46 million & are we entering the era of Security Research Prohibition? We debate. Plus your questions, the roundup & much, much more!1:12:27no<p>Lenovo &amp; HP are caught injecting malware even after you format the drive, Ubiquiti Networks is socially engineered out of 46 million &amp; are we entering the era of Security Research Prohibition? We debate.</p>
<p>Plus a great batch of your questions, our answers, a rocking round up &amp; much much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/34jKXDo3P9w" height="1" width="1" alt="">
Lenovo & HP are caught injecting malware even after you format the drive, Ubiquiti Networks is socially engineered out of 46 million & are we entering the era of Security Research Prohibition? We debate.

Plus a great batch of your questions, our answers, a rocking round up & much much more!

]]>
Lenovo & HP are caught injecting malware even after you format the drive, Ubiquiti Networks is socially engineered out of 46 million & are we entering the era of Security Research Prohibition? We debate.

Plus a great batch of your questions, our answers, a rocking round up & much much more!

]]>
Episode 227: Oracle's EULAgy #oraclefanfic | TechSNAP 227https://techsnap.systems/227
9969434A-E5A8-492A-B076-5E0EB6A994C0Thu, 13 Aug 2015 15:46:04 -0700Jupiter BroadcastingfullJupiter BroadcastingOracle really doesn’t want you to reverse engineer their products but they may have just released the Kraken, we’ll explain.
A massive drop of 35 fixes in one day, great feedback and follow up, a rockin roundup & much, much more!1:13:51no<p>Oracle really doesn’t want you to reverse engineer their products but they may have just released the Kraken, we’ll explain.</p>
<p>A massive drop of 35 fixes in one day, great feedback and follow up, a rockin roundup &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/MfyUNCvSnhk" height="1" width="1" alt="">
Oracle really doesn’t want you to reverse engineer their products but they may have just released the Kraken, we’ll explain.

A massive drop of 35 fixes in one day, great feedback and follow up, a rockin roundup & much, much more!

]]>
Oracle really doesn’t want you to reverse engineer their products but they may have just released the Kraken, we’ll explain.

A massive drop of 35 fixes in one day, great feedback and follow up, a rockin roundup & much, much more!

]]>
Episode 226: Solving the Flash Plague | TechSNAP 226https://techsnap.systems/226
CCE10EB8-58A2-4459-A8E4-55D0454233A4Fri, 07 Aug 2015 08:37:15 -0700Jupiter BroadcastingfullJupiter BroadcastingAdobe is making changes to Flash to mitigate 0day exploits, with help from Google. Chrysler recalls 1.4M vehicles due to a software flaw, we go inside the “Business Club” cyber crime gang.
Plus a great batch of questions, the roundup & more!1:23:43no<p>Adobe is making changes to Flash to mitigate 0day exploits, with help from Google. Chrysler recalls 1.4M vehicles due to a software flaw, we go inside the “Business Club” cyber crime gang.</p>
<p>Plus a great batch of questions, the roundup &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/vQ7afhrIvv4" height="1" width="1" alt="">
Adobe is making changes to Flash to mitigate 0day exploits, with help from Google. Chrysler recalls 1.4M vehicles due to a software flaw, we go inside the “Business Club” cyber crime gang.

Plus a great batch of questions, the roundup & more!

]]>
Adobe is making changes to Flash to mitigate 0day exploits, with help from Google. Chrysler recalls 1.4M vehicles due to a software flaw, we go inside the “Business Club” cyber crime gang.

Plus a great batch of questions, the roundup & more!

]]>
Episode 225: SourceForge's Downfall | TechSNAP 225https://techsnap.systems/225
F56BF4E3-994E-411D-B81E-3D71CCB83E95Thu, 30 Jul 2015 18:07:22 -0700Jupiter BroadcastingfullJupiter BroadcastingSourceForge sees downtime, and we examine their infrastructure, a new pervasive hackgroup has been exposed and their track record is fascinating.
Plus a Hacking Team Round up, a wide variety of audience questions, our answers & much, much more!1:04:45no<p>SourceForge sees downtime, and we examine their infrastructure, a new pervasive hackgroup has been exposed and their track record is fascinating.</p>
<p>Plus a Hacking Team Round up, a wide variety of audience questions, our answers &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/GyLVt0Iw0Ns" height="1" width="1" alt="">
SourceForge sees downtime, and we examine their infrastructure, a new pervasive hackgroup has been exposed and their track record is fascinating.

]]>
Episode 224: Butterflies & Backronyms | TechSNAP 224https://techsnap.systems/224
9C8DEB20-F4DC-4950-9C20-A6AF63FF5CCBThu, 23 Jul 2015 10:47:37 -0700Jupiter BroadcastingfullJupiter BroadcastingThe Backronym vulnerability hits MySQL right in the SSL protection, we’ll share the details. The hacker Group that hit Apple & Microsoft intensifies their attacks, a survey shows many core Linux tools are at risk & much, much more!1:10:25no<p>The Backronym vulnerability hits MySQL right in the SSL protection, we’ll share the details. The hacker Group that hit Apple &amp; Microsoft intensifies their attacks &amp; a survey shows many core Linux tools are at risk. </p>
<p>Plus some great questions, a rockin' roundup &amp; much much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/Hrx_6xBWkXo" height="1" width="1" alt="">
The Backronym vulnerability hits MySQL right in the SSL protection, we’ll share the details. The hacker Group that hit Apple & Microsoft intensifies their attacks & a survey shows many core Linux tools are at risk.

Plus some great questions, a rockin' roundup & much much more!

]]>
The Backronym vulnerability hits MySQL right in the SSL protection, we’ll share the details. The hacker Group that hit Apple & Microsoft intensifies their attacks & a survey shows many core Linux tools are at risk.

Plus some great questions, a rockin' roundup & much much more!

]]>
Episode 223: A Bias to Insecurity | TechSNAP 223https://techsnap.systems/223
A847AE0A-F23C-4A84-AFE0-5D3C68BF1500Thu, 16 Jul 2015 16:57:24 -0700Jupiter BroadcastingfullJupiter BroadcastingThe Hacking Team fallout continues with more zero day patches you need to install, a new attack against RC4 might finally kill it & how to save yourself from a DDoS attack.
Plus a great batch of your questions, our answers & much, much more!1:22:12no<p>The Hacking Team fallout continues with more zero day patches you need to install, a new attack against RC4 might finally kill it &amp; how to save yourself from a DDoS attack.</p>
<p>Plus a great batch of your questions, our answers &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/AP8VAxHIq08" height="1" width="1" alt="">
The Hacking Team fallout continues with more zero day patches you need to install, a new attack against RC4 might finally kill it & how to save yourself from a DDoS attack.

Plus a great batch of your questions, our answers & much, much more!

]]>
The Hacking Team fallout continues with more zero day patches you need to install, a new attack against RC4 might finally kill it & how to save yourself from a DDoS attack.

Plus, a new OpenSSL vulnerability revealed, Apple tweaks their two factor authentication.. Your questions, our answers & much much more!

]]>
From hacking to hacked, hacking team gets owned & what gets leaked is the best part, we’ll share the details.

Plus, a new OpenSSL vulnerability revealed, Apple tweaks their two factor authentication.. Your questions, our answers & much much more!

]]>
Episode 221: Ripping me a new Protocol | TechSNAP 221https://techsnap.systems/221
7281412A-3455-45D5-B9E1-674BD871F50EThu, 02 Jul 2015 20:08:21 -0700Jupiter BroadcastingfullJupiter BroadcastingAmazon has a new TLS implementation & the details look great, we’ll share them with you. The technology that powers the NSA’s XKEYSCORE you could have deployed yourself.
Some fantastic questions, a big round up & much, much more!1:48:29no<p>Amazon has a new TLS implementation &amp; the details look great, we’ll share them with you. The technology that powers the NSA’s XKEYSCORE you could have deployed yourself.</p>
<p>Some fantastic questions, a big round up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/g0CCsqAPVtU" height="1" width="1" alt="">
Amazon has a new TLS implementation & the details look great, we’ll share them with you. The technology that powers the NSA’s XKEYSCORE you could have deployed yourself.

Some fantastic questions, a big round up & much, much more!

]]>
Amazon has a new TLS implementation & the details look great, we’ll share them with you. The technology that powers the NSA’s XKEYSCORE you could have deployed yourself.

Some fantastic questions, a big round up & much, much more!

]]>
Episode 220: Homeland Insecurity | TechSNAP 220https://techsnap.systems/220
AF7A9CEA-0104-4361-877C-E889EB8284D0Thu, 25 Jun 2015 19:05:38 -0700Jupiter BroadcastingfullJupiter BroadcastingGoogle’s datacenter secrets are finally being revealed & we’ll share the best bits. Why The US Government is in no position to teach anyone about Cyber Security, how you can still get hacked offline, Great questions, a huge round up & much, much more!1:28:04noGoogle’s datacenter secrets are finally being revealed &amp; we’ll share the best bits. Why The US Government is in no position to teach anyone about Cyber Security, how you can still get hacked offline, A batch of great questions, a huge round up &amp; much, much more!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/aV6B6-DrUaA" height="1" width="1" alt="">
Google’s datacenter secrets are finally being revealed & we’ll share the best bits. Why The US Government is in no position to teach anyone about Cyber Security, how you can still get hacked offline, A batch of great questions, a huge round up & much, much more!]]>
Google’s datacenter secrets are finally being revealed & we’ll share the best bits. Why The US Government is in no position to teach anyone about Cyber Security, how you can still get hacked offline, A batch of great questions, a huge round up & much, much more!]]>
Episode 219: OPM Data too Valuable to Sell | TechSNAP 219https://techsnap.systems/219
87540137-B9F2-4A78-8C29-754E71985A77Thu, 18 Jun 2015 19:14:26 -0700Jupiter BroadcastingfullJupiter BroadcastingKaspersky labs has been hacked, we’ll tell you why it looks like a nation state was the attacker, why OPM data is too valuable sell & the real situation with LastPass.
Plus some great questions, our answers & a rocking round up.1:44:07no<p>Kaspersky labs has been hacked, we’ll tell you why it looks like a nation state was the attacker, why OPM data is too valuable sell &amp; the real situation with LastPass.</p>
<p>Plus some great questions, our answers &amp; a rocking round up.</p>
<p>All that and much, much more on this week’s TechSNAP!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/UF2nfgGlX7k" height="1" width="1" alt="">
Kaspersky labs has been hacked, we’ll tell you why it looks like a nation state was the attacker, why OPM data is too valuable sell & the real situation with LastPass.

Plus some great questions, our answers & a rocking round up.

All that and much, much more on this week’s TechSNAP!

]]>
Kaspersky labs has been hacked, we’ll tell you why it looks like a nation state was the attacker, why OPM data is too valuable sell & the real situation with LastPass.

]]>
This week, how hard lessons learned in 1982 could be apply to 2015’s security breaches, hacking for hire goes big & a savage sentient car that needs better programming.

Plus some fantastic questions, a rocking round-up & much more!

]]>
Episode 217: An Encryptioner's Conscience | TechSNAP 217https://techsnap.systems/217
7EAB3C29-10F8-4647-9517-1CD0C36D8235Thu, 04 Jun 2015 18:41:58 -0700Jupiter BroadcastingfullJupiter BroadcastingThe sad state of SMTP encryption, a new huge round of flaws has been found in consumer routers & the reviews of Intel’s new Broadwell desktop processors are in!
Plus some great questions, a huge round-up & much, much more!1:44:56no<p>The sad state of SMTP encryption, a new huge round of flaws has been found in consumer routers &amp; the reviews of Intel’s new Broadwell desktop processors are in!</p>
<p>Plus some great questions, a huge round-up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/O4M6XkSP6EI" height="1" width="1" alt="">
The sad state of SMTP encryption, a new huge round of flaws has been found in consumer routers & the reviews of Intel’s new Broadwell desktop processors are in!

Plus some great questions, a huge round-up & much, much more!

]]>
The sad state of SMTP encryption, a new huge round of flaws has been found in consumer routers & the reviews of Intel’s new Broadwell desktop processors are in!

Plus a great batch of questions, a rocking round up & much, much more!

]]>
Episode 215: EXTenuating Circumstances | TechSNAP 215https://techsnap.systems/215
3E1A0E82-9540-4C50-8C8E-F6D9D1B4A2BCThu, 21 May 2015 16:52:08 -0700Jupiter BroadcastingfullJupiter BroadcastingResearches have uncovered a weakness in almost all Internet encryption. We’ll explain what LogJam is, how to protect yourself & what the cause is.
Plus Linux gets bit by a filesystem corruption bug, passport id thieves, a great batch of questions & more!1:26:49no<p>Researches have uncovered a weakness in almost all Internet encryption. We’ll explain what LogJam is, how to protect yourself &amp; what the cause is.</p>
<p>Linux gets bit by a filesystem corruption bug, passport id thieves, a great batch of questions &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/V0RvTBpQPIs" height="1" width="1" alt="">
Researches have uncovered a weakness in almost all Internet encryption. We’ll explain what LogJam is, how to protect yourself & what the cause is.

Linux gets bit by a filesystem corruption bug, passport id thieves, a great batch of questions & much, much more!

]]>
Researches have uncovered a weakness in almost all Internet encryption. We’ll explain what LogJam is, how to protect yourself & what the cause is.

Linux gets bit by a filesystem corruption bug, passport id thieves, a great batch of questions & much, much more!

]]>
Episode 214: Venomous Floppy Legacy | TechSNAP 214https://techsnap.systems/214
E04ADA41-CC10-4363-8A68-8D9CB863D482Thu, 14 May 2015 19:51:07 -0700Jupiter BroadcastingfullJupiter BroadcastingWe explain the Venom vulnerability, what the impact is & the steps major providers are taking to protect themselves.
Plus strategies to mitigate Cyber Intrusions, a truly genius spammer, great questions, a huge round up & more!1:50:26no<p>We explain the Venom vulnerability, what the impact is &amp; the steps major providers are taking to protect themselves. </p>
<p>Plus strategies to mitigate Cyber Intrusions, a truly genius spammer, great questions, a huge round up &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/ljfLPZ6-cqc" height="1" width="1" alt="">
We explain the Venom vulnerability, what the impact is & the steps major providers are taking to protect themselves.

]]>
Episode 213: Blame as a Service | TechSNAP 213https://techsnap.systems/213
8966B174-71FB-4B0E-8A28-B8070A65D063Thu, 07 May 2015 18:45:37 -0700Jupiter BroadcastingfullJupiter BroadcastingWhy a stolen healthcare record is harder to track than you might think, Security pros name their must have tools & blame as a service, the new Cybersecurity hot product.
Plus great questions, a huge Round Up & much, much more!1:38:16no<p>Why a stolen healthcare record is harder to track than you might think, Security pros name their must have tools &amp; blame as a service, the new Cybersecurity hot product.</p>
<p>Plus great questions, a huge Round Up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/-x_Ec2dxHh8" height="1" width="1" alt="">
Why a stolen healthcare record is harder to track than you might think, Security pros name their must have tools & blame as a service, the new Cybersecurity hot product.

Plus great questions, a huge Round Up & much, much more!

]]>
Why a stolen healthcare record is harder to track than you might think, Security pros name their must have tools & blame as a service, the new Cybersecurity hot product.

Plus great questions, a huge Round Up & much, much more!

]]>
Episode 212: Dormant Docker Disasters | TechSNAP 212https://techsnap.systems/212
FAED937D-50A8-49CE-AC43-FE5E6E3C3CA2Thu, 30 Apr 2015 11:36:22 -0700Jupiter BroadcastingfullJupiter BroadcastingThe man who broke the music business, the major downsides to the container culture & yes, they really are trying to sell you Security Snake Oil.
Plus your great questions, our answers & much, much more!1:33:35no<p>The man who broke the music business, the major downsides to the container culture &amp; yes, they really are trying to sell you Security Snake Oil.</p>
<p>Plus your great questions, our answers &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/xXGslY169Mk" height="1" width="1" alt="">
The man who broke the music business, the major downsides to the container culture & yes, they really are trying to sell you Security Snake Oil.

Plus your great questions, our answers & much, much more!

]]>
The man who broke the music business, the major downsides to the container culture & yes, they really are trying to sell you Security Snake Oil.

Plus your great questions, our answers & much, much more!

]]>
Episode 211: The French Disconnection | TechSNAP 211https://techsnap.systems/211
EF12EFC5-45DB-4913-9272-B299CA2CA4A9Fri, 24 Apr 2015 02:17:34 -0700Jupiter BroadcastingfullJupiter BroadcastingWhat’s really the key to detecting a breach before its become much too late? We’ll share some key insights, plus a technical breakdown of China’s great cannon & the new New French Surveillance Law that should be a warning to us all & much, much more!1:47:00no<p>What’s really the key to detecting a breach before its become much too late? We’ll share some key insights, plus a technical breakdown of China’s great cannon &amp; the new New French Surveillance Law that should be a warning to us all.</p>
<p>Plus a great round up, fantastic questions, our answers &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/a-5XpvEKp1k" height="1" width="1" alt="">
What’s really the key to detecting a breach before its become much too late? We’ll share some key insights, plus a technical breakdown of China’s great cannon & the new New French Surveillance Law that should be a warning to us all.

]]>
What’s really the key to detecting a breach before its become much too late? We’ll share some key insights, plus a technical breakdown of China’s great cannon & the new New French Surveillance Law that should be a warning to us all.

]]>
Episode 210: SMBTrapped in Microsoft | TechSNAP 210https://techsnap.systems/210
69AEB932-C1E9-449A-8D0E-2B26B6F0684FThu, 16 Apr 2015 20:03:17 -0700Jupiter BroadcastingfullJupiter BroadcastingResearches find an 18 year old bug in Windows thats rather nasty, we’ve got the details. A new perspective on the bug bounty arms race & the security impact of Wifi on a plane.
Plus great feedback, a bursting round up & much much more!1:23:53no<p>Researches find an 18 year old bug in Windows thats rather nasty, we’ve got the details. A new perspective on the bug bounty arms race &amp; the security impact of Wifi on a plane.</p>
<p>Plus great feedback, a bursting round up &amp; much much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/LFrmboZeXQE" height="1" width="1" alt="">
Researches find an 18 year old bug in Windows thats rather nasty, we’ve got the details. A new perspective on the bug bounty arms race & the security impact of Wifi on a plane.

Plus great feedback, a bursting round up & much much more!

]]>
Researches find an 18 year old bug in Windows thats rather nasty, we’ve got the details. A new perspective on the bug bounty arms race & the security impact of Wifi on a plane.

Plus a great batch of your questions, a rocking round up, and much, much more!

]]>
Is it possible to make a truly private phone call anymore? The answer might surprise you. Cisco and Level 3 battle a huge SSH botnet & how to Build a successful Information Security career.

Plus a great batch of your questions, a rocking round up, and much, much more!

]]>
Episode 208: Any Cert Will Do | TechSNAP 208https://techsnap.systems/208
9BB34B95-1EA5-4B32-9B61-5D919EDC03D7Thu, 02 Apr 2015 17:53:44 -0700Jupiter BroadcastingfullJupiter BroadcastingWhy boring technology might be the better choice, Google revokes & China chokes, why you want to create an account at irs.gov before crooks do it for you.
Plus your great IT questions, a rocking round up & much, much more!1:23:13no<p>Why boring technology might be the better choice, Google revokes &amp; China chokes, why you want to create an account at irs.gov before crooks do it for you.</p>
<p>Plus your great IT questions, a rocking round up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/Z3PMI8E_iSE" height="1" width="1" alt="">
Why boring technology might be the better choice, Google revokes & China chokes, why you want to create an account at irs.gov before crooks do it for you.

Plus your great IT questions, a rocking round up & much, much more!

]]>
Why boring technology might be the better choice, Google revokes & China chokes, why you want to create an account at irs.gov before crooks do it for you.

Plus your great IT questions, a rocking round up & much, much more!

]]>
Episode 207: Lunch Lady Lockdown | TechSNAP 207https://techsnap.systems/207
B2F3CC53-6940-412C-A3F0-2F592AC736E1Thu, 26 Mar 2015 19:40:35 -0700Jupiter BroadcastingfullJupiter BroadcastingReverse Engineering Incentives to Improve Security. New Jersey school district computers held for ransom & the flash bug that lives on from 2011 with a twist!
Plus some great networking questions, drone powered Internet & more!1:26:32no<p>Reverse Engineering Incentives to Improve Security. New Jersey school district computers held for ransom &amp; the flash bug that lives on from 2011 with a twist!</p>
<p>Plus some great networking questions, drone powered Internet &amp; more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/Sxc9Mj3zTdM" height="1" width="1" alt="">
Reverse Engineering Incentives to Improve Security. New Jersey school district computers held for ransom & the flash bug that lives on from 2011 with a twist!

Plus some great networking questions, drone powered Internet & more!

]]>
Reverse Engineering Incentives to Improve Security. New Jersey school district computers held for ransom & the flash bug that lives on from 2011 with a twist!

Plus some great networking questions, drone powered Internet & more!

]]>
Episode 206: Two Factor Falsification | TechSNAP 206https://techsnap.systems/206
0D0A04E1-44D7-4D42-A8F6-1A42ECC8D70CThu, 19 Mar 2015 20:02:12 -0700Jupiter BroadcastingfullJupiter BroadcastingMicrosoft takes 4 years to fix a nasty bug, how to bypass 2 factor authentication in the popular ‘Authy’ app.
Hijacking a domain with photoshop, hardware vs software RAID revisited, tons of great questions, our answers & much much more!1:39:30no<p>Microsoft takes 4 years to fix a nasty bug, how to bypass 2 factor authentication in the popular ‘Authy’ app.</p>
<p>Hijacking a domain with photoshop, hardware vs software RAID revisited, tons of great questions, our answers &amp; much much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/nnzO3_kGt-o" height="1" width="1" alt="">
Microsoft takes 4 years to fix a nasty bug, how to bypass 2 factor authentication in the popular ‘Authy’ app.

Hijacking a domain with photoshop, hardware vs software RAID revisited, tons of great questions, our answers & much much more!

]]>
Microsoft takes 4 years to fix a nasty bug, how to bypass 2 factor authentication in the popular ‘Authy’ app.

Hijacking a domain with photoshop, hardware vs software RAID revisited, tons of great questions, our answers & much much more!

]]>
Episode 205: An Uber Mess | TechSNAP 205https://techsnap.systems/205
E91A0B80-BB82-4953-A9D4-5C0A9BF9952DThu, 12 Mar 2015 09:56:00 -0700Jupiter BroadcastingfullJupiter BroadcastingUsing encryption is a good thing, but its just the start, we’ll explain. Plus how one developer totally owned the Uber app.
Then it’s a great batch of your questions & our answers!1:03:48no<p>Using encryption is a good thing, but its just the start, we’ll explain. Plus how one developer totally owned the Uber app.</p>
<p>Then it’s a great batch of your questions &amp; our answers!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/GNdOxEm27pc" height="1" width="1" alt="">
Using encryption is a good thing, but its just the start, we’ll explain. Plus how one developer totally owned the Uber app.

Then it’s a great batch of your questions & our answers!

]]>
Using encryption is a good thing, but its just the start, we’ll explain. Plus how one developer totally owned the Uber app.

Then it’s a great batch of your questions & our answers!

]]>
Episode 204: Ghost of Crypto Past | TechSNAP 204https://techsnap.systems/204
410EB629-FB86-4CDC-B8C0-3250F19E0E97Thu, 05 Mar 2015 17:54:51 -0800Jupiter BroadcastingfullJupiter BroadcastingWe’ll break down the technical baggage that led to the new FREAK SSL flaw & the security ramifications of top executives using personal email accounts…
Plus why just need to stop hiding file extensions. Plus some great feedback & much, much more!1:38:11no<p>We’ll break down the technical baggage that led to the new FREAK SSL flaw &amp; the security ramifications of top executives using personal email accounts…</p>
<p>Plus why just need to stop hiding file extensions. Plus some great feedback &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/WcDYHGVeInw" height="1" width="1" alt="">
We’ll break down the technical baggage that led to the new FREAK SSL flaw & the security ramifications of top executives using personal email accounts…

]]>
Episode 203: TurboHax | TechSNAP 203https://techsnap.systems/203
DBEF5DB6-48D5-438E-980B-297C84CE813FThu, 26 Feb 2015 21:15:28 -0800Jupiter BroadcastingfullJupiter BroadcastingLenovo & Google are victims of DNS hijacking, we’ll share the details, Everyone wants you to secure your data, just not from them & how Turbotax profits from Cyber tax fraud!
Plus a great batch of your questions, a fantastic round up & much, much more!1:47:17no<p>Lenovo &amp; Google are victims of DNS hijacking, we’ll share the details, Everyone wants you to secure your data, just not from them &amp; how Turbotax profits from Cyber tax fraud!</p>
<p>Plus a great batch of your questions, a fantastic round up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/sAKAKnOtB4A" height="1" width="1" alt="">
Lenovo & Google are victims of DNS hijacking, we’ll share the details, Everyone wants you to secure your data, just not from them & how Turbotax profits from Cyber tax fraud!

Plus a great batch of your questions, a fantastic round up & much, much more!

]]>
Lenovo & Google are victims of DNS hijacking, we’ll share the details, Everyone wants you to secure your data, just not from them & how Turbotax profits from Cyber tax fraud!

Plus a great batch of your questions, a fantastic round up & much, much more!

]]>
Episode 202: SuperFishy Mistake | TechSNAP 202https://techsnap.systems/202
5C937351-557D-46C3-9620-5BFCC6A6964DThu, 19 Feb 2015 17:29:15 -0800Jupiter BroadcastingfullJupiter BroadcastingLenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections, we’ll break down how this is possible, the danger that still exists & more.
Plus the story of a billion dollar cyber heist anyone could pull off, the Equation group & much more!1:11:57no<p>Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections, we’ll break down how this is possible, the danger that still exists &amp; more.</p>
<p>Plus the story of a billion dollar cyber heist anyone could pull off, the Equation group, your questions, our answers &amp; much much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/ver-RlX7V3A" height="1" width="1" alt="">
Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections, we’ll break down how this is possible, the danger that still exists & more.

Plus the story of a billion dollar cyber heist anyone could pull off, the Equation group, your questions, our answers & much much more!

]]>
Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections, we’ll break down how this is possible, the danger that still exists & more.

Plus the story of a billion dollar cyber heist anyone could pull off, the Equation group, your questions, our answers & much much more!

]]>
Episode 201: Group Problemcy | TechSNAP 201https://techsnap.systems/201
833C5608-467C-4F68-BADF-E288D6BD7DB1Thu, 12 Feb 2015 19:07:53 -0800Jupiter BroadcastingfullJupiter BroadcastingA 20 year old design flaw in Windows has just been patched & it requires some major re-working of the software. Attackers compromise Forbes.com & why Facebook’s new ThreatExchange platform could be a great idea.1:34:06no<p>A 20 year old design flaw in Windows has just been patched &amp; it requires some major re-working of the software. Attackers compromise Forbes.com &amp; why Facebook’s new ThreatExchange platform could be a great idea.</p>
<p>Plus a great batch of feedback, our answers &amp; much much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/r9Uc6ICSZNg" height="1" width="1" alt="">
A 20 year old design flaw in Windows has just been patched & it requires some major re-working of the software. Attackers compromise Forbes.com & why Facebook’s new ThreatExchange platform could be a great idea.

Plus a great batch of feedback, our answers & much much more!

]]>
A 20 year old design flaw in Windows has just been patched & it requires some major re-working of the software. Attackers compromise Forbes.com & why Facebook’s new ThreatExchange platform could be a great idea.

Plus a great batch of feedback, our answers & much much more!

]]>
Episode 200: Your TechSNAP Story | TechSNAP 200https://techsnap.systems/200
E4F74996-8A43-4FA0-A278-3129AAC2A67FThu, 05 Feb 2015 19:51:18 -0800Jupiter BroadcastingfullJupiter BroadcastingA new major security breach at a large health insurance firm could expose 10s of millions, a phone phishing scam anyone could fall for & we celebrate our 200th episode with your TechSNAP stories.
Then its a storage spectacular Q&A & much, much more!1:39:25no<p>A new major security breach at a large health insurance firm could expose 10s of millions, a phone phishing scam anyone could fall for &amp; we celebrate our 200th episode with your TechSNAP stories.</p>
<p>Then its a storage spectacular Q&amp;A &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/9TlzU9ufgQA" height="1" width="1" alt="">
A new major security breach at a large health insurance firm could expose 10s of millions, a phone phishing scam anyone could fall for & we celebrate our 200th episode with your TechSNAP stories.

Then its a storage spectacular Q&A & much, much more!

]]>
A new major security breach at a large health insurance firm could expose 10s of millions, a phone phishing scam anyone could fall for & we celebrate our 200th episode with your TechSNAP stories.

Then its a storage spectacular Q&A & much, much more!

]]>
Episode 199: Internet of Problems | TechSNAP 199https://techsnap.systems/199
F42D877B-E652-45C4-A06E-D526EB3BAEB0Thu, 29 Jan 2015 18:56:32 -0800Jupiter BroadcastingfullJupiter BroadcastingThe internet of dangerous things is arriving but what about taking care of the devices we already have?
Plus details on critical updates from Adobe, the surprising number of Gas Stations vulnerable to exploitation via the internet & much, much more!1:24:34no<p>The internet of dangerous things is arriving but what about taking care of the devices we already have? We’ll discuss! </p>
<p>Plus details on critical updates from Adobe, the surprising number of Gas Stations vulnerable to exploitation via the internet, your questions, our answers &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/nLAj-eNHY3M" height="1" width="1" alt="">
The internet of dangerous things is arriving but what about taking care of the devices we already have? We’ll discuss!

]]>
Episode 198: Dude Where's My Card? | TechSNAP 198https://techsnap.systems/198
FF3C8952-6100-4E18-B6BD-27E24BC80B69Thu, 22 Jan 2015 21:17:32 -0800Jupiter BroadcastingfullJupiter BroadcastingAdobe has a bad week, with exploits in the wild & no patch. We’ll share the details. Had your credit card stolen? We’ll tell you how.
Plus the harsh reality for IT departments, a great batch of questions, our answers & much much more!1:44:56no<p>Adobe has a bad week, with exploits in the wild &amp; no patch. We’ll share the details. Had your credit card stolen? We’ll tell you how.</p>
<p>Plus the harsh reality for IT departments, a great batch of questions, our answers &amp; much much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/Dv0qRXGN-qo" height="1" width="1" alt="">
Adobe has a bad week, with exploits in the wild & no patch. We’ll share the details. Had your credit card stolen? We’ll tell you how.

Plus the harsh reality for IT departments, a great batch of questions, our answers & much much more!

]]>
Adobe has a bad week, with exploits in the wild & no patch. We’ll share the details. Had your credit card stolen? We’ll tell you how.

Plus the harsh reality for IT departments, a great batch of questions, our answers & much much more!

]]>
Episode 197: Patch and Notify | TechSNAP 197https://techsnap.systems/197
9B822D20-CBBF-4C25-990C-C1A039BBFCC6Thu, 15 Jan 2015 22:26:51 -0800Jupiter BroadcastingfullJupiter BroadcastingBeen putting off that patch? This week we’ll cover how an out of date Joomla install led to a massive breach, Microsoft and Google spar over patch disclosures, picking the right security question & more!2:01:07no<p>Been putting off that patch? This week we’ll cover how an out of date Joomla install led to a massive breach, Microsoft and Google spar over patch disclosures &amp; picking the right security question...</p>
<p>Plus a great batch of your feedback, a rocking round up &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/dHYD0LW8hqU" height="1" width="1" alt="">
Been putting off that patch? This week we’ll cover how an out of date Joomla install led to a massive breach, Microsoft and Google spar over patch disclosures & picking the right security question...

Plus a great batch of your feedback, a rocking round up & much, much more!

]]>
Been putting off that patch? This week we’ll cover how an out of date Joomla install led to a massive breach, Microsoft and Google spar over patch disclosures & picking the right security question...

Plus a great batch of your feedback, a rocking round up & much, much more!

]]>
Episode 196: Sony’s Hard Lessons | TechSNAP 196https://techsnap.systems/196
220FD560-AB34-42B7-81E3-537B194A74C9Thu, 08 Jan 2015 19:45:48 -0800Jupiter BroadcastingfullJupiter BroadcastingWe reflect on the lessons learned from the Sony Hack & discuss some of the tools used to own their network.
Plus a overview of what makes up a filesystem, a run down of the Bacula backup system & much more!
1:45:51no<p>We reflect on the lessons learned from the Sony Hack &amp; discuss some of the tools used to own their network.</p>
<p>Plus a overview of what makes up a filesystem, a run down of the Bacula backup system &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/OoAeMNjNtZw" height="1" width="1" alt="">
We reflect on the lessons learned from the Sony Hack & discuss some of the tools used to own their network.

Plus a overview of what makes up a filesystem, a run down of the Bacula backup system & much more!

]]>
We reflect on the lessons learned from the Sony Hack & discuss some of the tools used to own their network.

Plus a overview of what makes up a filesystem, a run down of the Bacula backup system & much more!

]]>
Episode 195: Cloudy With a Chance of SSL | TechSNAP 195https://techsnap.systems/195
03BE94A1-C43D-4CE3-B534-683C04B8A916Thu, 01 Jan 2015 11:54:47 -0800Jupiter BroadcastingfullJupiter BroadcastingWe go inside the epic takedown of SpamHaus, then we break down why CloudFlare’s Flexible SSL is the opposite of security.
Followed by a great batch of questions, our answers & much much more!1:09:20no<p>We go inside the epic takedown of SpamHaus, then we break down why CloudFlare’s Flexible SSL is the opposite of security.</p>
<p>Followed by a great batch of questions, our answers &amp; much much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/arhcRuIverk" height="1" width="1" alt="">
We go inside the epic takedown of SpamHaus, then we break down why CloudFlare’s Flexible SSL is the opposite of security.

Followed by a great batch of questions, our answers & much much more!

]]>
We go inside the epic takedown of SpamHaus, then we break down why CloudFlare’s Flexible SSL is the opposite of security.

Followed by a great batch of questions, our answers & much much more!

]]>
Episode 194: Best Of TechSNAP 2014 | TechSNAP 194https://techsnap.systems/194
F58A0515-A7D0-457C-832E-D41086DF0B45Thu, 25 Dec 2014 13:39:47 -0800Jupiter BroadcastingfullJupiter BroadcastingWe look back at this year in TechSNAP. Allan shares his war stories, TrueCrypt shuts down, Heartbleed happens & more!1:40:52noWe look back at this year in TechSNAP. Allan shares his war stories, TrueCrypt shuts down, Heartbleed happens &amp; more!<img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/tOwDWNQZlfI" height="1" width="1" alt="">
We look back at this year in TechSNAP. Allan shares his war stories, TrueCrypt shuts down, Heartbleed happens & more!]]>
We look back at this year in TechSNAP. Allan shares his war stories, TrueCrypt shuts down, Heartbleed happens & more!]]>
Episode 193: Don’t Fire IT | TechSNAP 193https://techsnap.systems/193
7D37360F-5254-4895-8E17-D106879873C3Thu, 18 Dec 2014 18:54:47 -0800Jupiter BroadcastingfullJupiter Broadcasting More and more data breaches are leading to blackmail but the stats don’t tell the whole story. We’ll explain. Plus the latest in the Sony hack, and the wider reaction. Plus a great batch of emails & much, much more!1:33:10no<p>More and more data breaches are leading to blackmail but the stats don’t tell the whole story. We’ll explain.</p>
<p>Plus the latest in the Sony hack, and the wider reaction. Plus a great batch of emails &amp; much, much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/UnRwTZONlG0" height="1" width="1" alt="">
More and more data breaches are leading to blackmail but the stats don’t tell the whole story. We’ll explain.

Plus the latest in the Sony hack, and the wider reaction. Plus a great batch of emails & much, much more!

]]>
More and more data breaches are leading to blackmail but the stats don’t tell the whole story. We’ll explain.

Plus the latest in the Sony hack, and the wider reaction. Plus a great batch of emails & much, much more!

]]>
Episode 192: Signed by Sony | TechSNAP 192https://techsnap.systems/192
868A8960-FD9B-40BE-8923-918EC18F496FThu, 11 Dec 2014 18:52:43 -0800Jupiter BroadcastingfullJupiter Broadcasting If we could rebuild the Internet from scratch, what would we change? It’s more than just a thought experiment. We’ll share the details about real world research being done today! Plus we dig through the Sony hack, answer a ton of great question & a rocki1:42:01no<p>If we could rebuild the Internet from scratch, what would we change? It’s more than just a thought experiment. We’ll share the details about real world research being done today!</p>
<p>Plus we dig through the Sony hack, answer a ton of great question &amp; a rocking roundup!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/us-o1R21euI" height="1" width="1" alt="">
If we could rebuild the Internet from scratch, what would we change? It’s more than just a thought experiment. We’ll share the details about real world research being done today!

Plus we dig through the Sony hack, answer a ton of great question & a rocking roundup!

]]>
If we could rebuild the Internet from scratch, what would we change? It’s more than just a thought experiment. We’ll share the details about real world research being done today!

Plus we dig through the Sony hack, answer a ton of great question & a rocking roundup!

]]>
Episode 191: Celebrity Bugs | TechSNAP 191https://techsnap.systems/191
AABF9C60-DD0D-414E-BA28-2FA568A0DE16Thu, 04 Dec 2014 20:58:59 -0800Jupiter BroadcastingfullJupiter Broadcasting 2014 has been the year of the celebrity bugs, we take a look at the new trend of giving security vulnerabilities names & logos & ask who it truly benefits. Plus practical way to protect yourself from ATM Skimmers, how they work & much more!1:54:27no<p>2014 has been the year of the celebrity bugs, we take a look at the new trend of giving security vulnerabilities names &amp; logos &amp; ask who it truly benefits.</p>
<p>Plus practical way to protect yourself from ATM Skimmers, how they work &amp; much more!</p><img src="http://feeds.feedburner.com/~r/techsnapmp3/~4/kFqn5TlUzqk" height="1" width="1" alt="">
2014 has been the year of the celebrity bugs, we take a look at the new trend of giving security vulnerabilities names & logos & ask who it truly benefits.

Plus practical way to protect yourself from ATM Skimmers, how they work & much more!

]]>
2014 has been the year of the celebrity bugs, we take a look at the new trend of giving security vulnerabilities names & logos & ask who it truly benefits.

Plus practical way to protect yourself from ATM Skimmers, how they work & much more!